[Samba] ID mapping
Gaiseric Vandal
gaiseric.vandal at gmail.com
Thu Apr 17 08:08:51 MDT 2014
I am not sure if the "idmap config *" entries really are needed. I
should probably remove them from my config as well. I think I
put them in to enable idmapping in general. It doesn't create
idmap entries for the local domain since the LDAP entry for each user
already has both a unix id and windows SID. I use LDAP for unix
level authentication as well authentication.
Is idmap causing issues for the local domain only or also the trusted
domain?
On 04/17/2014 09:50 AM, Williams, Jeff wrote:
> Thanks for the response. Yes, several times I have stopped Samba, cleared
> the TDB files, then restarted it. It's OK for a while, but at some point,
> something triggers a problem, and winbind starts to mis-map SIDs to UID
> numbers. Doing a "net cache flush" fixed it, temporarily.
>
> So how would you configure smb.conf to NOT use ID mapping for the local
> domain, but use it for the trusted domain? Would it simply involve
> removing (or commenting out) these lines?
>
> idmap config * : backend = tdb
> idmap config * : range = 1000-89000
>
> But leaving these?
>
> idmap config DACCEMP : backend = rid
> idmap config DACCEMP : range = 90000-99000
>
>
>
> On Wed, Apr 16, 2014 at 2:11 PM, Williams, Jeff <jeff at dacc.edu> wrote:
>
>> We are using winbind because of a trust with a second domain, which is
>> also served by an RHEL/Samba/LDAP server. This allows users from that
>> other domain to log into workstations that are members of this domain. If
>> I can configure the student server NOT to use winbind for users of the
>> students domain, that would be fine. But I still need to support the other
>> domain, and I had understood that this would require winbind to map the
>> users. Suggestions on how to accomplish this? The same smb.conf worked
>> fine on the previous (physical) server.
>>
>> --
>>
>> Jeff Williams
>>
>
>
More information about the samba
mailing list