[Samba] winbind bug?
Doug Tucker
tuckerd at lyle.smu.edu
Thu Mar 27 09:48:12 MDT 2014
OK, I changed mine back so this won't be any point of discussion.
idmap config * : backend = ad
idmap config * : range = 3000000 - 3100000
idmap config SEAS:backend = rid
idmap config SEAS:range = 1000 - 40000
idmap config * : schema_mode = rfc2307
idmap config SEAS-S:backend = rid
idmap config SEAS-S:range = 40001 - 60000
There is NO change to anyone. Users with unix id's < 11000 work, users
with unix id's > 11000 do not work.
Also, the domain makes no difference either. I have users affected in
both domains. Again, IF their unix ID is > 11000. Also, ALL users in
both domains with unix id's < 11000 work just fine.
Sincerely,
Doug Tucker
On 03/27/2014 10:24 AM, steve wrote:
> On Thu, 2014-03-27 at 07:40 -0700, Shane Robinson wrote:
>> Am I wrong thinking the overlapping idmap ranges are (part of) the problem?
>> Shane Robinson
> Hi
> Yes.
>
> The ranges must not overlap AT ALL. Try:
>
> idmap config * : backend = rid
> idmap config * : range = 3000000 - 3100000
> idmap config SEAS:backend = rid
> idmap config SEAS:range = 1000 - 40000
> idmap config SEAS-S:backend = rid
> idmap config SEAS-S:range = 40001 - 50001
> HTH
> Steve
>
> Oh, I'd really recommend using the ad backend with the uid values stored
> in AD. That way, there are no algorithms and no separate database to get
> in the way. If it's in the directory and you pull it from there (like
> all other attributes) then it can nnly be one single value. On all DC's.
>
>
More information about the samba
mailing list