[Samba] idmap confusion

steve steve at steve-ss.com
Sat Aug 4 04:07:13 MDT 2012


On 03/08/12 21:54, Gémes Géza wrote:
> On 2012-08-03 18:46, steve wrote:
>> On 03/08/12 13:39, Gémes Géza wrote:
>>> On 2012-08-03 13:07, steve wrote:
>>>> Three unfathomable questions:
>>>> 1.
>>>> What's the difference between:
>>>>
>>>> idmap_ldb : use rfc2307 = Yes
>>> It is a samba4 winbind setting, so you need it on the Samba4 AD
>>> controller only
>>>> and
>>>> idmap config * : backend = ad
>>> the correct form is:
>>> idmap config SOMEDOMAINNAME : backend =ad
>>>
>>> and instructs the winbind from the samba3 suite to look up the uids gids
>>> from AD for accounts in SOMEDOMAINNAME
>>>>
>>>> 2.
>>>> Do the terms in (1) above apply equally to Samba4 beta6 and Samba
>>>> 3.6.3?
>>>>
>>>> 3.
>>>> If I specify either in (1) then
>>>> idmap config : range = abc-xyz
>>>> becomes meaningless.
>>> No. With idmap_ad you map all not specifically configured domains using:
>>> idmap backend = tdb
>>> idmap uid = some uninteresting range
>>> idmap gid = some uninteresting range
>>>
>>> then for each DOMAIN you want to get the idmap information from the AD,
>>> you specify:
>>> idmap config INTERESTINGDOMAIN1 : backend  = ad
>>> idmap config INTERESTINGDOMAIN1 : range = first range
>>>
>>> idmap config INTERESTINGDOMAIN2 : backend  = ad
>>> idmap config INTERESTINGDOMAIN2 : range = second range
>>>
>>> and so on.
>>>>
>>>> Cheers,
>>>> Steve
>>> Regards
>>>
>>> Geza
>>
>> Hi Geza
>> On the Samba4 DC:
>> Despite having:
>> idmap config INTERESTINGDOMAIN1 : backend  = ad
>> idmap config INTERESTINGDOMAIN1 : range = first range
>>
> No! You have misunderstood how things work currently.
> On Samba4 those settings have NO meaning.
> The only smb.conf setting which is meaningful for the samba4 winbind is
> that with rfc2307
> All the idmap_ad options have to be written in the samba3 clients smb.conf

Hi Geza
Thanks.
Got it.
Samba4 DC:
idmap_ldb use : rfc2307 = Yes

Samba3.6 client:
idmap config INTERESTINGDOMAIN1 : backend  = ad
idmap config INTERESTINGDOMAIN1 : range = abitlessthanlowestnumberIhaveforUID/GID - abitbiggerthanthebiggestnumberforUID/GID

How does that look?
Cheers,
Steve
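
An added example, not part of the original thread: a small checker for the per-domain `idmap config DOMAIN : range` lines discussed above on a Samba 3.6 client. It goes slightly beyond the thread by flagging overlapping ranges and uidNumber/gidNumber values outside a domain's range, which idmap_ad filters out; the sample smb.conf, ranges and ID values are constructed.

```python
import re

# Constructed sample of a Samba 3.6 client smb.conf (ranges are made up).
SAMPLE_SMB_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 100000-199999
    idmap config INTERESTINGDOMAIN1 : backend = ad
    idmap config INTERESTINGDOMAIN1 : range = 3000000 - 3999999
    idmap config INTERESTINGDOMAIN2 : backend = ad
    idmap config INTERESTINGDOMAIN2 : range = 3500000-4499999
"""

IDMAP_LINE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\S[^=]*?)\s*=\s*(.*?)\s*$", re.I)
RANGE = re.compile(r"^(\d+)\s*-\s*(\d+)$")

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high)}} from smb.conf text."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_LINE.match(line)
        if not m:
            continue
        domain, option, value = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(domain, {})
        if option == "range":
            r = RANGE.match(value)
            if not r or int(r.group(1)) > int(r.group(2)):
                raise ValueError(f"bad range for {domain}: {value!r}")
            entry["range"] = (int(r.group(1)), int(r.group(2)))
        else:
            entry[option] = value
    return domains

def overlapping_ranges(domains):
    """Return pairs of domains (sorted by name) whose ID ranges intersect."""
    ranged = sorted((d, e["range"]) for d, e in domains.items() if "range" in e)
    return [(a, b) for i, (a, ra) in enumerate(ranged) for b, rb in ranged[i + 1:]
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

def ids_outside_range(domains, domain, ids):
    """Return the uidNumber/gidNumber values that fall outside the domain's range."""
    low, high = domains[domain]["range"]
    return [i for i in ids if not low <= i <= high]

if __name__ == "__main__":
    cfg = parse_idmap(SAMPLE_SMB_CONF)
    print("overlaps:", overlapping_ranges(cfg))
    print("filtered:", ids_outside_range(cfg, "INTERESTINGDOMAIN1", [3000021, 500, 4000000]))
```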


