[Samba] idmap range not specified for domain

John Rykala rykalaja at gmail.com
Sat Apr 25 11:19:10 MDT 2015

I have just setup samba ver 3.6.23-14 on CentOS 6.6 as a member server 
to Windows 2008R2 ADS.  Things seem to be working however looking at the 
log files there is an error in the log.winbindd-idmap file indicating 
that "idmap range not specified for domain SERVER2.

My setup is as follows:
Windows 2008R2 server name is "server"
CentOS hostname is "server2"
Domain name is "testnet"

Also there is a log file with the name of "log.wb-SERVER2" with various 
errors in it
name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED.
name_to_sid: SERVER2\NOBODY for domain SERVER2.

The domain is not SERVER2 rather TESTNET and the log.wb-TESTNET file 
looks good.  Not sure why it is trying to configure SERVER2 as the domain.

I would appreciate it if someone would give my config a sanity check and 
see if there is something not quite right.

passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns winbind

  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log

  default_realm = TESTNET.LOCAL
  dns_lookup_realm = true
  dns_lookup_kdc = true
  ticket_lifetime = 24h
  renew_lifetime = 7d
  forwardable = yes

  pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 3600
    forwardable = true
    krb4_convert = false

   .testnet.local = TESTNET.LOCAL
   testnet.local = TESTNET.LOCAL

   workgroup = TESTNET
   realm = TESTNET.LOCAL
   security = ADS
   domain master = no
   local master = no
   preferred master = no
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 
   use sendfile = true

   winbind nss info = rfc2307
   winbind trusted domains only = no
   winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind nested groups = yes
   winbind refresh tickets = yes
   winbind expand groups = 4
   winbind normalize names = yes

   vfs objects = acl_xattr
   map acl inherit = yes
   store dos attributes = yes

   idmap config * : backend = tdb
   idmap config * : range = 2000-9999
   idmap config TESTNET : backend = rid
   idmap config TESTNET : schema_mode = rfc2307
   idmap config TESTNET : range = 10000-99999

   client use spnego = yes
   client ntlmv2 auth = yes
   encrypt passwords = yes
   restrict anonymous = 2
   disable spoolss = yes
   server string = Samba Server 2
   log level = 3
   log file = /var/log/samba/%m
   max log size = 25

   comment = Common Files
   path = /sharefiles/common
   valid users = @"Domain Users"
   force group = "Domain Users"
   directory mode = 0770
   create mode = 0660
   force create mode = 0660
   browseable = yes
   read only = no

More information about the samba mailing list