[Samba] UID/GID mapping consistency across at least two Linux machines
Chris Smith
smb_77 at chrissmith.org
Wed Apr 11 14:26:47 MDT 2012
On Wed, Apr 11, 2012 at 3:50 PM, bakytn <bakytn at gmail.com> wrote:
> I tried the old config and newer.
>
> idmap backend = rid:DOMAIN=4000-20000
> idmap uid = 4000-20000
> idmap gid = 4000-20000
Doesn't look right - man smb.conf - for the correct syntax. For your
version I think it should be more like:
idmap backend = tdb
idmap uid = 300000-400000
idmap gid = 300000-400000
idmap config DOMAIN:backend = rid
idmap config DOMAIN:range = 2000-299999
from man smb.conf:
winbind uses this parameter to find the backend that is authoritative
for a unix ID
to SID mapping, so it must be set for each individually
configured domain, and it
must be disjoint from the ranges set via idmap uid and idmap gid.
> My version is SAMBA 3.5.11
If you check the release notes you'll find that 3.5.12 fixed a winbind
race issue in 3.5.11. Also there's a security exploit and it's a good
idea to update to 3.5.14, or 3.6.4. I'm still a bit leery of the 3.6
series for production and hopefully 3.6.5 will be released soon fixing
some outstanding issues.
Chris
More information about the samba
mailing list