[Samba] ID mapping

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Apr 17 08:08:51 MDT 2014


I am not sure if the "idmap config *" entries really are needed. I
should probably remove them from my config as well. I think I
put them in to enable idmapping in general. It doesn't create
idmap entries for the local domain since the LDAP entry for each user
already has both a unix id and windows SID. I use LDAP for unix
level authentication as well authentication.


Is idmap causing issues for the local domain only or also the trusted
domain?




On 04/17/2014 09:50 AM, Williams, Jeff wrote:
> Thanks for the response.  Yes, several times I have stopped Samba, cleared
> the TDB files, then restarted it.  It's OK for a while, but at some point,
> something triggers a problem, and winbind starts to mis-map SIDs to UID
> numbers.  Doing a "net cache flush" fixed it, temporarily.
>
> So how would you configure smb.conf to NOT use ID mapping for the local
> domain, but use it for the trusted domain?  Would it simply involve
> removing (or commenting out) these lines?
>
> idmap config * : backend = tdb
> idmap config * : range = 1000-89000
>
> But leaving these?
>
> idmap config DACCEMP : backend = rid
> idmap config DACCEMP : range = 90000-99000
>
>
>
> On Wed, Apr 16, 2014 at 2:11 PM, Williams, Jeff <jeff at dacc.edu> wrote:
>
>> We are using winbind because of a trust with a second domain, which is
>> also served by an RHEL/Samba/LDAP server.  This allows users from that
>> other domain to log into workstations that are members of this domain.  If
>> I can configure the student server NOT to use winbind for users of the
>> students domain, that would be fine.  But I still need to support the other
>> domain, and I had understood that this would require winbind to map the
>> users.  Suggestions on how to accomplish this?  The same smb.conf worked
>> fine on the previous (physical) server.
>>
>> --
>>
>> Jeff Williams
>>
>
>
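
An added example, not part of either poster's message and not Samba code: a small Python check that parses the "idmap config" lines quoted in this thread, reports each domain's backend and range, flags ranges that overlap, and shows which idmap domain a given Unix ID falls into. The sample smb.conf text is constructed from the four quoted lines, and the function names are hypothetical.

```python
import re

# Constructed sample: the four idmap lines quoted in the thread.
SAMPLE_SMB_CONF = """\
[global]
idmap config * : backend = tdb
idmap config * : range = 1000-89000
idmap config DACCEMP : backend = rid
idmap config DACCEMP : range = 90000-99000
"""

IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+)\s*:\s*(\w[\w ]*?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {"backend": str, "range": (low, high)}} from smb.conf text."""
    domains = {}
    for line in text.splitlines():
        # Lines commented out with '#' or ';' are inactive and must be ignored.
        if line.lstrip().startswith(("#", ";")):
            continue
        m = IDMAP_RE.match(line)
        if not m:
            continue
        domain, option, value = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(domain, {})
        if option == "range":
            low, high = (int(part) for part in value.split("-", 1))
            entry["range"] = (low, high)
        else:
            entry[option] = value
    return domains

def overlapping_ranges(domains):
    """Return pairs of domain names whose ID ranges intersect."""
    ranged = sorted((d, cfg["range"]) for d, cfg in domains.items() if "range" in cfg)
    return [(a, b) for i, (a, (alo, ahi)) in enumerate(ranged)
            for b, (blo, bhi) in ranged[i + 1:] if alo <= bhi and blo <= ahi]

def owner_of(domains, unix_id):
    """Return the idmap domain names whose range contains unix_id."""
    return sorted(d for d, cfg in domains.items()
                  if "range" in cfg and cfg["range"][0] <= unix_id <= cfg["range"][1])
```

Running owner_of against the uidNumber values already stored in LDAP shows whether any of them fall inside a range that winbind also allocates from.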


