[Samba] UID/GID mapping consistency across at least two Linux machines

Chris Smith smb_77 at chrissmith.org
Wed Apr 11 14:26:47 MDT 2012

On Wed, Apr 11, 2012 at 3:50 PM, bakytn <bakytn at gmail.com> wrote:
> I tried the old config and newer.
>   idmap backend = rid:DOMAIN=4000-20000
>   idmap uid = 4000-20000
>   idmap gid = 4000-20000

Doesn't look right - man smb.conf - for the correct syntax. For your
version I think it should be more like:

idmap backend = tdb
idmap uid = 300000-400000
idmap gid = 300000-400000
idmap config DOMAIN:backend = rid
idmap config DOMAIN:range = 2000-299999

from man smb.conf:
winbind uses this parameter to find the backend that is authoritative
for a unix ID
               to SID mapping, so it must be set for each individually
configured domain, and it
               must be disjoint from the ranges set via idmap uid and idmap gid.

> My version is SAMBA 3.5.11

If you check the release notes you'll find that 3.5.12 fixed a winbind
race issue in 3.5.11. Also there's a security exploit and it's a good
idea to update to 3.5.14, or 3.6.4. I'm still a bit leery of the 3.6
series for production and hopefully 3.6.5 will be released soon fixing
some outstanding issues.


More information about the samba mailing list