[Samba] samba 3.4.5 idmap alloc broken

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue May 4 14:36:21 MDT 2010

Some time back I upgraded a domain controller (Solaris 10) from samba 
3.0.x to 3.4.5.

In order to support interdomain trusts I am using winbind and idmap 
allocation with a samba backend.  Since the upgrade it appears that 
samba is not allocating uids and gids for trusted domains.

My smb.conf looks something like:


winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = no
winbind trusted domains only = no

# The "idmap domains" has been deprecated in 3.4
# idmap domains = DOMAIN_A DOMAIN_B DOMAIN_C
# Next two lines restored in  3.4 - but prob don't need
idmap uid = 30000-59999
idmap gid = 30000-59999

idmap config DOMAIN_A:backend = ldap
idmap config DOMAIN_A:readonly = no
idmap config DOMAIN_A:default=no
idmap config DOMAIN_A:ldap_base_dn = ou=domain_a,ou=idmap,o=mydomain.com
idmap config DOMAIN_A:ldap_user_dn = cn=Directory Manager
idmap config DOMAIN_A:ldap_url = ldap://ldap1.domain.com
idmap config DOMAIN_A:range = 30000-39999

idmap config DOMAIN_B:backend = ldap
idmap config DOMAIN_B:readonly = no
idmap config DOMAIN_B:default=no
idmap config DOMAIN_B:ldap_base_dn = ou=domain_b,ou=idmap,o=mydomain.com
idmap config DOMAIN_B:ldap_user_dn = cn=Directory Manager
idmap config DOMAIN_B:ldap_url = lldap://ldap1.domain.com
idmap config DOMAIN_B:range = 40000-45999


Domain_A (Windows 2003 AD in Mixed mode) has entries from prior to the 
upgrade and hasn't had new accounts added recently.  Domain_B (Windows 
2008 in Windows 2003 mode) is a new addition.  No idmap entries ever 
populated.  They should have populated after I ran "wbinfo -u" and 
"getent passwd" on the samba PDC.

Any ideas?
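A small configuration checker, added here as an example and not part of the original post or of Samba itself, that parses the per-domain idmap entries in the shape shown above and flags the things worth verifying first when allocation silently stops: an ldap_url whose scheme is not ldap/ldaps/ldapi, a domain with no backend, and per-domain ranges that overlap each other or fall outside the global idmap uid/gid range (treating that global range as the envelope is this checker's own assumption, not a Samba rule). The sample text is constructed from the fragment in the post.

```python
import re

# Constructed sample modelled on the smb.conf fragment in the post above.
SAMPLE_SMB_CONF = """
idmap uid = 30000-59999
idmap gid = 30000-59999
idmap config DOMAIN_A:backend = ldap
idmap config DOMAIN_A:ldap_url = ldap://ldap1.domain.com
idmap config DOMAIN_A:range = 30000-39999
idmap config DOMAIN_B:backend = ldap
idmap config DOMAIN_B:ldap_url = lldap://ldap1.domain.com
idmap config DOMAIN_B:range = 40000-45999
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.*?)\s*$", re.I)
GLOBAL_RE = re.compile(r"^\s*idmap (uid|gid)\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def parse_idmap(text):
    """Return (global_ranges, {DOMAIN: {key: value}}) from smb.conf text."""
    globals_, domains = {}, {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # smb.conf comment line
            continue
        m = GLOBAL_RE.match(line)
        if m:
            globals_[m.group(1).lower()] = (int(m.group(2)), int(m.group(3)))
            continue
        m = IDMAP_RE.match(line)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
    return globals_, domains

def check_idmap(text):
    """Return a list of human-readable problems found in the idmap configuration."""
    globals_, domains = parse_idmap(text)
    problems, seen = [], []
    for dom, cfg in sorted(domains.items()):
        if "backend" not in cfg:
            problems.append(f"{dom}: no backend configured")
        url = cfg.get("ldap_url")
        if cfg.get("backend") == "ldap" and not re.match(r"^ldap[si]?://", url or ""):
            problems.append(f"{dom}: bad ldap_url {url!r}")
        m = re.match(r"^(\d+)\s*-\s*(\d+)$", cfg.get("range", ""))
        if not m:
            problems.append(f"{dom}: missing or malformed range")
            continue
        lo, hi = int(m.group(1)), int(m.group(2))
        for g, (glo, ghi) in globals_.items():  # assumption: global range is the envelope
            if lo < glo or hi > ghi:
                problems.append(f"{dom}: range {lo}-{hi} outside idmap {g} {glo}-{ghi}")
        for odom, olo, ohi in seen:  # overlapping ranges make allocation ambiguous
            if lo <= ohi and olo <= hi:
                problems.append(f"{dom}: range {lo}-{hi} overlaps {odom}")
        seen.append((dom, lo, hi))
    return problems
```

Run it against the real smb.conf with `check_idmap(open("/etc/samba/smb.conf").read())`; an empty list means none of these checks fired.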
