[Samba] winbind bug?

steve steve at steve-ss.com
Thu Mar 27 09:24:37 MDT 2014

On Thu, 2014-03-27 at 07:40 -0700, Shane Robinson wrote:
> Am I wrong thinking the overlapping idmap ranges are (part of) the problem?
> Shane Robinson


The ranges must not overlap AT ALL. Try:

 idmap config * : backend = rid
    idmap config * : range = 3000000 - 3100000
    idmap config SEAS:backend = rid
    idmap config SEAS:range = 1000 - 40000
    idmap config SEAS-S:backend = rid
    idmap config SEAS-S:range = 40001 - 50001

Oh, I'd really recommend using the ad backend with the uid values stored
in AD. That way, there are no algorithms and no separate database to get
in the way. If it's in the directory and you pull it from there (like
all other attributes) then it can nnly be one single value. On all DC's.

More information about the samba mailing list