[Samba] [Announce] Samba 4.5.3, 4.4.8 and 4.3.13 Security Releases Available for Download
Rowland Penny
rpenny at samba.org
Mon Dec 19 10:22:40 UTC 2016
On Mon, 19 Dec 2016 13:56:41 +0400
Mike Lykov via samba <samba at lists.samba.org> wrote:
> 19.12.2016 13:18, Karolin Seeger via samba пишет:
>
> > 100000 - 33554431 and similar lines) was ignored formerly and leads
> > to errors now. The typical error you see is NT_STATUS_INVALID_SID.
> > For more details, please see the following bug:
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=12410
>
> What is right configuration in this case?
>
> on DC I have only an
> idmap_ldb:use rfc2307 = yes
>
> string in my smb.conf, and
>
> on member server I have an
>
> idmap config *:backend = tdb
> idmap config *:range = 30001-40000
> idmap config SAMGES:backend = ad
> idmap config SAMGES:schema_mode = rfc2307
> idmap config SAMGES:range = 10000-20000
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
>
> Are this is correct?
> I have an old 4.1* version and plan to upgrade to 4.5*.
>
The only possible problems I can see there are the 'winbind enum' lines,
you should only set these for testing purposes.
The problem was that people have been setting the 'idmap config' lines
meant for a domain member on AD DCs. On versions before 4.5.0, they
were ignored and did nothing. From 4.5.0, they still do not affect the
IDs, but now cause errors, these errors have now been fixed in 4.5.3
Rowland
More information about the samba
mailing list