[Samba] ldap idmap backend

Vladimir Vassiliev vova at edu.yar.ru
Thu Mar 17 08:25:07 MDT 2011

17.03.2011 17:12, Bruce Richardson wrote:
> On Thu, Mar 17, 2011 at 05:06:03PM +0300, Vladimir Vassiliev wrote:
>>> Why have you created a local computer domain, out of interest?
>> I didn't do it, Samba did. Really I dunno how to "add" an extra domain to Samba.
>> How can I delete this domain?
> Something did it.  Was this machine a domain controller before it was
> joined to the CORP domain?  Can you show us the idmap-related section of
> your samba config?
This happens with every host I join to the domain, i.e. every host tries to create its own <SID-HOST>-513.

Whole smb.conf of a newly installed host:
         workgroup = CORP
         security = ADS
         realm = CORP.EDU.YAR.RU
         encrypt passwords = yes
         load printers = no
         winbind enum users = yes
         winbind enum groups = yes
         winbind nested groups = yes
         idmap uid = 1000-30000
         idmap gid = 1000-30000
         idmap backend = ldap
         winbind offline logon = yes
         idmap backend = ldap:ldaps://<ldap host>/
         ldap admin dn = cn=admin,dc=corp,dc=edu,dc=yar,dc=ru
         ldap suffix = dc=corp,dc=edu,dc=yar,dc=ru
         ldap idmap suffix = ou=idmap
         ldap ssl = off

Vladimir Vassiliev
