[Samba] Winbind rid + SID History creating duplicate per-user groups

steve steve at steve-ss.com
Tue Jul 29 02:17:18 MDT 2014

On Mon, 2014-07-28 at 10:52 -0400, Josh Kelley wrote:
> I had seen that the idmap directives were deprecated, and I tried
> updating them, but it didn't help.  I tried both
>     idmap config * : backend  = rid
>     idmap config * : range = 10000-30000
> and
>     idmap config MYDOMAIN : backend = rid
>     idmap config MYDOMAIN : range = 10000-30000
You need both
1. the *
and the
ranges listed in [global]
3. Those ranges must not overlap.

If you want consistent id mapping across the whole of the domain you
must put your uid:gid pairs in AD and use the AD backend. It may be
possible without but after years of trying, we've never achieved it.


More information about the samba mailing list