[Samba] winbind: how to fix uid/SID mapping following migration to a new DC

Jean-Yves Avenard jyavenard at gmail.com
Fri Dec 9 15:54:25 MST 2011


On Friday, 9 December 2011, Jonathan Buzzard <jonathan at buzzard.me.uk> wrote:

> Your two ranges are overlapping and it just doesn't work if you do that. I have no idea why and it is not well documented why it does not work. Also you have to have the plain "idmap backend" config line set up as a tdb backend. Something like this is what you need.
>   idmap backend = tdb
>   idmap uid = 2000000-2999999
>   idmap gid = 2000000-2999999
>   idmap config ALLORATECH : backend = ad
>   idmap config ALLORATECH : schema_mode = rfc2307
>   idmap config ALLORATECH : readonly = yes
>   idmap config ALLORATECH : range = 1000-1999999
> Seems to come up fairly regularly this one and I can tell you it took me ages to work out a working configuration. This has been really stable for me however other than some random winbind deaths which I papered over with monit. Though a more recent 3.5.x version of Samba might fix that as there seems to have been a lot of bug fixes for it.
> Note this is for 3.5.x and it has all been changed again in 3.6.x so god only knows how you configure it for that.

Thanks for your answer.

If you do it that way, will it use the uidNumber LDAP entry as uid for
the domain user?

Also, what is the read only config for?
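
An added example, not part of either poster's message and not Samba tooling: a small Python check for the overlapping-range problem described in the quoted reply, run against the 3.5.x-style settings quoted above. The function names and the overlapping variant are constructed for illustration; skipping the default uid/gid pair in the comparison is an assumption taken from the quoted config, where both share one range.

```python
import re

# Constructed sample: the settings from the quoted reply (Samba 3.5.x syntax).
GOOD_CONF = """
[global]
  idmap backend = tdb
  idmap uid = 2000000-2999999
  idmap gid = 2000000-2999999
  idmap config ALLORATECH : backend = ad
  idmap config ALLORATECH : schema_mode = rfc2307
  idmap config ALLORATECH : readonly = yes
  idmap config ALLORATECH : range = 1000-1999999
"""
# Constructed variant: the domain range now reaches into the default tdb range.
BAD_CONF = GOOD_CONF.replace("1000-1999999", "1000-2500000")

# Matches "idmap uid = lo-hi", "idmap gid = lo-hi" and
# "idmap config DOMAIN : range = lo-hi"; commented-out lines never match.
RANGE_RE = re.compile(
    r"^\s*idmap\s+(?:(uid|gid)|config\s+([^\s:]+)\s*:\s*range)"
    r"\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE,
)

def idmap_ranges(conf_text):
    """Return [(label, low, high)] for every idmap range line in smb.conf text."""
    ranges = []
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            kind, domain, low, high = m.groups()
            label = f"default {kind.lower()}" if kind else f"domain {domain}"
            ranges.append((label, int(low), int(high)))
    return ranges

def find_overlaps(conf_text):
    """Return label pairs whose ranges intersect (default uid vs gid is skipped)."""
    found = []
    ranges = idmap_ranges(conf_text)
    for i, (a, a_lo, a_hi) in enumerate(ranges):
        for b, b_lo, b_hi in ranges[i + 1:]:
            if a.startswith("default") and b.startswith("default"):
                continue  # assumption: uid and gid defaults may share a range
            if a_lo <= b_hi and b_lo <= a_hi:
                found.append((a, b))
    return found

if __name__ == "__main__":
    print("quoted config:", find_overlaps(GOOD_CONF))
    print("overlapping variant:", find_overlaps(BAD_CONF))
```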

