[Samba] idmap confusion

Gémes Géza geza at kzsdabas.hu
Sat Aug 4 22:52:09 MDT 2012 

2012-08-04 12:07 keltezéssel, steve írta:
> On 03/08/12 21:54, Gémes Géza wrote:
>> 2012-08-03 18:46 keltezéssel, steve írta:
>>> On 03/08/12 13:39, Gémes Géza wrote:
>>>> 2012-08-03 13:07 keltezéssel, steve írta:
>>>>> Three unfathormable questions:
>>>>> 1.
>>>>> What's the difference between:
>>>>>
>>>>> idmap_ldb : use rfc2307 = Yes
>>>> It is a samba4 winbind setting, so you need it on the Samba4 AD
>>>> controller only
>>>>> and
>>>>> idmap config * : backend = ad
>>>> the correct form is:
>>>> idmap config SOMEDOMAINNAME : backend =ad
>>>>
>>>> and instructs the winbind from the samba3 suite to look up the uids 
>>>> gids
>>>> from AD for accounts in SOMEDOMAINNAME
>>>>>
>>>>> 2.
>>>>> Do the terms in (1) above apply equally to Samba4 beta6 and Samba
>>>>> 3.6.3?
>>>>>
>>>>> 3.
>>>>> If I specify either in (1) then
>>>>> idmap config : range = abc-xyz
>>>>> becomes meaningless.
>>>> No. With idmap_ad you map all not specifically configured domains 
>>>> using:
>>>> idmap backend = tdb
>>>> idmap uid = some uninteresting range
>>>> idmap gid = some uninteresting range
>>>>
>>>> then for each DOMAIN you want to get the idmap information from the 
>>>> AD,
>>>> you specify:
>>>> idmap config INTERESTINGDOMAIN1 : backend  = ad
>>>> idmap config INTERESTINGDOMAIN1 : range = first range
>>>>
>>>> idmap config INTERESTINGDOMAIN2 : backend  = ad
>>>> idmap config INTERESTINGDOMAIN2 : range = second range
>>>>
>>>> and so on.
>>>>>
>>>>> Cheers,
>>>>> Steve
>>>> Regards
>>>>
>>>> Geza
>>>
>>> Hi Geza
>>> On the Samba4 DC:
>>> Despite having:
>>> idmap config INTERESTINGDOMAIN1 : backend  = ad
>>> idmap config INTERESTINGDOMAIN1 : range = first range
>>>
>> No! You have misunderstood how things work currently.
>> On Samba4 those settings have NO meaning.
>> The only smb.conf setting which is meaningful for the samba4 winbind is
>> that with rfc2307
>> All the idmap_ad options have to be written in the samba3 clients 
>> smb.conf
>
> Ho Geza
> Thanks.
> Got it.
> Samba4 DC:
> idmap_ldb use : rfc2307 = Yes
>
> Samba3.6 client:
> idmap config INTERESTINGDOMAIN1 : backend  = ad
> idmap config INTERESTINGDOMAIN1 : range = 
> abitlessthanlowestnumberIhaveforUID/GID - abitbiggerthanthe 
> biggestnumberforUID/GID
>
> How does that look?
> Cheers,
> Steve
>
Looking good, but please don' forget about the uninteresting part with 
tdb backend on samba3.

Regards

Geza

More information about the samba mailing list