[Samba] ADS Domain Member smb.conf using idmap_ad

[Freeman]

Greetings Samba Community,

This is the part where i need help, I don't quite understand what range 
of values to put for "idmap uid=RANGE/idmap gid=RANGE" VS "idmap config 
AD : range=" for the domain that i have this machine joined.

I would like for someone to provide me with some explanations/examples 
to try on those three values. sadly, i am at a lost here. I am pretty 
close in getting this machine to work perfectly.
What should be the range values for:
idmap uid=
idmap gid=
idmap config AD : range=

So, my configuration is correct if i were to join a windows 2003 server 
domain with users's uid/gid converted on the windows side ?

I should really be using idmap backend = tdb instead of idmap backend = ad.
There was an error in the winbind log about reading not recognized 
"idmap backend = ad".
Should this really be "idmap backend = idmap_ad" ?

Freeman

On 11/23/2011 06:45 AM, Jonathan Buzzard wrote:
> On Tue, 2011-11-22 at 16:47 -0500, Freeman wrote:
>
> [SNIP]
>
>> # this doesn't seem to work for some reason
>> # i am trying to use idmap_ad
>> #   idmap backend = ad
>>      idmap backend = tdb
>>      idmap uid = 1000-5000000
>>      idmap gid = 1000-5000000
>>
>>      idmap config AD : default = yes
>>      idmap config AD : cache time = 180
>>      idmap config AD : backend  = ad
>>      # idmap config AD : range = 100001-200000
>>      idmap config AD : schema_mode = rfc2307
>>
>>
> Your problem is the id ranges for the tdb and ad backends overlap. I am
> not sure exactly why this is a problem, but the basics are it don't work
> if they do. Fix that, and restart everything and it will all start
> magically working.
>
> JAB.
>