[Samba] Winbind rid + SID History creating duplicate per-user groups

Josh Kelley joshkel at gmail.com
Tue Jul 29 14:50:08 MDT 2014


On Tue, Jul 29, 2014 at 4:17 AM, steve <steve at steve-ss.com> wrote:
> Hi
> You need both
> 1. the *
> and the
> 2. MYDOMAIN
> ranges listed in [global]
> and
> 3. Those ranges must not overlap.

Thanks.  I thought I had the MYDOMAIN working by itself, but I think
my mistake was that I'd failed to clear winbind's caches and was
seeing old info.  (I don't know if there's a recommended way of
testing winbind configs besides deleting winbind*.tdb and
gencache*.tdb between tests.)

> If you want consistent id mapping across the whole of the domain you
> must put your uid:gid pairs in AD and use the AD backend. It may be
> possible without but after years of trying, we've never achieved it.

We've been using rid for consistent mapping for several years now.
Prior to upgrading to Samba 4.x, it never caused problems.

-- 
Josh Kelley


More information about the samba mailing list