[Samba] Winbind behaviour odd in 3.4.9 and 3.5.6 vs 3.2.14 (Samba domain with Samba member servers)

Alex Crow acrow at integrafin.co.uk
Tue Oct 26 10:35:05 MDT 2010

On 26/10/10 17:28, Gaiseric Vandal wrote:
> I may have indeed forgot to clear the  cache files after upgrading 
> from samba 3.0x to 3.4.x.
> I had various issues with samba servers as member servers -  mostly in 
> keeping idmap entries consistent across machines.   The solution in 
> the end had been to covert the member servers to BDC's and have ldap 
> backend for everything.      Altho I suspect that the "idmap .. 
> backend: nss" may have been an alternate solution.  I don't think it 
> was an option for samba 3.0.x and I needed a BDC anyway.
> I have found the online  samba documention on idmap  less than 
> optimal.  (The man pages are ok tho.)   There are ranges set for each 
> trusted  domain as well as the "idmap alloc config:range."    I am not 
> quite sure if the "idmap alloc config:range" should encompass all the 
> domain ranges or if idmap is supposed to allocate id's from the domain 
> ranges.   My experience so far is that new entries are from "idmap 
> alloc config:range."   I guess the domain specific ranges are where 
> idmap is supposed to check for existing mappings first?
Many thanks GV. I wish there was a newer "By Example" book.

If any of the developers are listening, can you help? Ours should be a 
pretty common setup - two domains, mutually trusting, using NT-style 
auth and permissions, with Samba member servers? It seems that >= 3.4.0 
has made both our configurations outdated (or there is indeed a 
long-persisting bug).



This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 1200
(Registered office: as above; Registered in England and Wales under number: 3727592)
Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856)

More information about the samba mailing list