[Samba] idmap config / Is it necessary in my smb.conf file?

lp101 lingpanda101 at gmail.com
Tue May 6 13:25:40 MDT 2014


Thank you.

On 5/6/2014 2:34 PM, Marc Muehlfeld wrote:
> Hello,
>
> Am 06.05.2014 20:22, schrieb lp101:
>> Thank you. Can you maybe clarify this sentence from the wiki(Setup A
>> Samba AD Member Server).
>>
>> "For all non-domain accounts (like the local Administrator, etc.) the
>> mappings are stored with this configuration in a local TDB file and the
>> IDs are taken from the given range. The local range must not overlap
>> with the one specified for your domain! "
>>
>> Am I defining the local accounts with this line?
>>
>>   idmap config *:range = 70001 - 80000
>
> Yes.
>
> Each member server has local accounts too, like every, Windows Server 
> or Workstation. They have a local administrator, and other users. And 
> local groups like Users, Power Users, etc.
>
> And because this accounts are local on each workstation/server, you 
> store them in a local database and not on a central place.
>
>
>
>> And Domain accounts with this line?
>>
>> idmap config SAMDOM:range = 500-40000
>
> Yes.
>
>
>
>> Should I use these default ranges or can you point me in the direction
>> to read more about these values? Thanks.
>
> For the domain you have to define a range that you really use in your 
> AD. If you start assigning UID/GIDs between 500 and 40000, you can 
> leave this. If you assign only between 5000 and 6000, then choose this 
> range.
>
> This are the UID/GIDs you assign e. g. in the Unix attributes tab of 
> ADUC.
>
>
> Regards,
> Marc
>

-- 
-James



More information about the samba mailing list