[Samba] idmap with member servers

Neil Price nprice at gibb.co.za
Tue Apr 13 07:11:32 MDT 2010

I'm using a member server joined to my primary domain. I'm using winbind 
because I have a trusted domain.

both pdc and member server has

    idmap uid = 80000-90000
    idmap gid = 80000-90000
    idmap backend = ldap:ldap://my.pcd

member server has

password server = *

(and no passdb line)

nsswitch.conf on the member is
passwd:         compat winbind
group:          compat winbind
shadow:         compat

Everything works great. Mappings are stored in idmap and I have 
consistent uids for the trusted domain on both the pdc and the member 

However mappings for the primary domain (that the server is a member of) 
on the member server are diifferent from the pdc of that domain because 
it creates new mappings in  idmap in ldap.

That means that all member servers will have consistent mappings for the 
primary domain and all bdcs will have consistent mappings but the 2 sets 
of mappings will not be the same.

Is there any way I can make the 2 sets the same? Samba is 3.4.7.

More information about the samba mailing list