[Samba] Domain member (2k8R2) server, problem mapping Kerberos/NSS users

George jorgito1412 at gmail.com
Mon Jul 21 09:51:56 MDT 2014


As it was mentioned before: you need winbind running and also you need
to manually specify a range for the "idmap config * " option.

Furthermore, I would recommend to specify the same range on "idmap
config MY-DOMAIN.TLD : range", as the slice that sssd chose for your
domain (by default, the slice size is 200000). Even better, if you
have just one domain it is best to manually force the first slice with
"ldap_idmap_default_domain_sid" option on sssd.conf. If you configure
sssd this way, then you can set "idmap config MY-DOMAIN.TLD : range =
200000-399999" and you can be sure that you are covering the whole
mapping space for your domain.



More information about the samba mailing list