[Samba] idmap config / Is it necessary in my smb.conf file?
Marc Muehlfeld
mmuehlfeld at samba.org
Tue May 6 12:34:21 MDT 2014
Hello,
Am 06.05.2014 20:22, schrieb lp101:
> Thank you. Can you maybe clarify this sentence from the wiki(Setup A
> Samba AD Member Server).
>
> "For all non-domain accounts (like the local Administrator, etc.) the
> mappings are stored with this configuration in a local TDB file and the
> IDs are taken from the given range. The local range must not overlap
> with the one specified for your domain! "
>
> Am I defining the local accounts with this line?
>
> idmap config *:range = 70001 - 80000
Yes.
Each member server has local accounts too, like every, Windows Server or
Workstation. They have a local administrator, and other users. And local
groups like Users, Power Users, etc.
And because this accounts are local on each workstation/server, you
store them in a local database and not on a central place.
> And Domain accounts with this line?
>
> idmap config SAMDOM:range = 500-40000
Yes.
> Should I use these default ranges or can you point me in the direction
> to read more about these values? Thanks.
For the domain you have to define a range that you really use in your
AD. If you start assigning UID/GIDs between 500 and 40000, you can leave
this. If you assign only between 5000 and 6000, then choose this range.
This are the UID/GIDs you assign e. g. in the Unix attributes tab of ADUC.
Regards,
Marc
More information about the samba
mailing list