[Samba] idmap config / Is it necessary in my smb.conf file?

Marc Muehlfeld mmuehlfeld at samba.org
Tue May 6 12:34:21 MDT 2014


Am 06.05.2014 20:22, schrieb lp101:
> Thank you. Can you maybe clarify this sentence from the wiki(Setup A
> Samba AD Member Server).
> "For all non-domain accounts (like the local Administrator, etc.) the
> mappings are stored with this configuration in a local TDB file and the
> IDs are taken from the given range. The local range must not overlap
> with the one specified for your domain! "
> Am I defining the local accounts with this line?
>   idmap config *:range = 70001 - 80000


Each member server has local accounts too, like every, Windows Server or 
Workstation. They have a local administrator, and other users. And local 
groups like Users, Power Users, etc.

And because this accounts are local on each workstation/server, you 
store them in a local database and not on a central place.

> And Domain accounts with this line?
> idmap config SAMDOM:range = 500-40000


> Should I use these default ranges or can you point me in the direction
> to read more about these values? Thanks.

For the domain you have to define a range that you really use in your 
AD. If you start assigning UID/GIDs between 500 and 40000, you can leave 
this. If you assign only between 5000 and 6000, then choose this range.

This are the UID/GIDs you assign e. g. in the Unix attributes tab of ADUC.


More information about the samba mailing list