[Samba] idmap config range problem

Sebastian Neustein sebastian.neustein at arc-aachen.de
Tue Apr 10 06:21:29 MDT 2012

Hi everyone

after upgrading to the current samba version I found some 
 idmap uid deprecated
messages in my logs or when I used smbstatus.

I found out I need to use 
 idmap config

Now my questions;
- when setting 
  idmap config * : range = 1000 - 2000
  I get following log messages:
  "no backend defined for idmap config DOM"
  "idmap range not specified for domain DOM"

  wbinfo --allocate-uid works
  net rpc user add works too

- when I set
  idmap config DOM : range = 1000 - 2000
  idmap config DOM : backend = tdb
  I get tons of log messages saying
  "idmap range not specified for domain *"
  wbinfo --allocate-uid: "failed to call wbcAllocateUid: WBC_ERR_DOMAIN_NOT_FOUND"

- when I set
  idmap config * : range = 12000 - 20000
  idmap config DOM : range = 90000 - 99999
  idmap config DOM : backend = tdb

  log message: nothing

  wbinfo --allocate-uid: "failed to call wbcAllocateUid:
WBC_ERR_DOMAIN_NOT_FOUND Could not allocate a uid"
  net rpc user add name: "Failed to add user 'name' with error: A device
attached to the system is not functioning.."

After these changes and before restarting winbindd I deleted the
winbindd-idmap.tdb file. This gave the log message: "Upgrading
winbindd_idmap.tdb from an old version"

After reading the man page I understood that the first version should be
sufficient. But apparently it's not - though it's still the best working
solution. The howtos on the samba page still use the old idmap gid range
version. I could not find anything on this.

Anyway how do I know which name for DOM do I need to use? 

I use samba 3.6.3 from debian squeeze-backports and debian stable.

my smb.conf:
  workgroup = DOM
  netbios name = DOMServer
  interfaces = eth0
  bind interfaces only = true
  server string = DOM Samba Server

  # domain settings
  domain master = yes
  domain logons = yes

  # become local master browser
  os level = 100
  preferred master = yes

  # maybe wins support - needs changes to dhcp server
  wins support = no

  # ldap settings
  passdb backend = ldapsam
  ldap suffix = dc=domain,dc=de
  ldap admin dn = cn=samba,dc=domain,dc=de
  ldap user suffix = ou=users
  ldap group suffix = ou=groups
  ldap machine suffix = ou=computers
  ldap idmap suffix = ou=idmaps
  ldap ssl = no
  ldapsam:trusted = yes
  ldapsam:editposix = yes

  # winbind settings
  idmap config * : range = 12000 - 20000
  idmap config DOM : backend = tdb
  idmap config DOM : range = 90000 - 99999

  # logon
  logon path = \\%N\profiles\%U\%a
  logon script = logon.bat
  logon drive = i:

  # create mask
  create mask = 740
  directory mode = 750
  force create mode = 020
  force directory mode = 020

  # logging
  log file = /var/log/samba/log.smbd.%m
  log level = 1
  syslog = 0
  # max log size = 5000 default

  # Do something sensible when Samba crashes: mail the admin a backtrace
  panic action = /usr/share/samba/panic-action %d

  # printing - disabled
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
  time server = yes
  unix extensions = false

  # vfs module vfs_acl_xattr - all NT ACL are saved
  vfs object = acl_xattr

Thanks for any help


More information about the samba mailing list