[Samba] idmap config / Is it necessary in my smb.conf file?

lp101 lingpanda101 at gmail.com
Tue May 6 12:22:31 MDT 2014

Thank you. Can you maybe clarify this sentence from the wiki(Setup A 
Samba AD Member Server).

"For all non-domain accounts (like the local Administrator, etc.) the 
mappings are stored with this configuration in a local TDB file and the 
IDs are taken from the given range. The local range must not overlap 
with the one specified for your domain! "

Am I defining the local accounts with this line?

  idmap config *:range = 70001 - 80000

And Domain accounts with this line?

idmap config SAMDOM:range = 500-40000

Should I use these default ranges or can you point me in the direction 
to read more about these values? Thanks.

On 5/6/2014 12:36 PM, Michael Adam wrote:
> On 2014-05-06 at 10:44 -0400, lp101 wrote:
>>      I have a bit more clarity after reading the link I posted. If
>> I'm correct I only need to define these settings on the member
>> server? This way the member server can translate the Windows SIDs
>> (from the Domain Controllers) to UID/GIDs (on the member server).
>> Correct?
> Correct. Currently only the member server running the external
> winbindd daemon understands these settings.
> For the AD/DC setup, these won't have any effect.
> Cheers - Michael
>> -James
>> On 5/5/2014 3:55 PM, lp101 wrote:
>>> I'm unclear on exactly if I need this in my smb.conf file. I've
>>> provisioned my domain with --use-rfc2307 but did not do any
>>> further mapping of UID and GUID in my smb.conf file. I'm currently
>>> running 6 Samba4 DC's and am in the process of adding member
>>> servers for file sharing. Following the wiki for AD Member Server
>>> setup I'm asked to enter idmap config data in my smb.conf file.
>>> This is what spawned this question. Must I go back to my DC's and
>>> enter this info prior to setup of the member server and join? T
>>> idmap config *:backend = tdb
>>>     idmap config *:range = 70001-80000
>>>     idmap config SAMDOM:backend = ad
>>>     idmap config SAMDOM:schema_mode = rfc2307
>>>     idmap config SAMDOM:range = 500-40000
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list