[Samba] IDMAP Issue

Rowland penny rpenny at samba.org
Thu Jul 14 12:26:22 UTC 2016 

On 14/07/16 11:01, Shaun Glass wrote:
> ... as follows :
>
> rpm -qa | grep samba
> samba-3.6.23-35.el6_8.x86_64
> samba-common-3.6.23-35.el6_8.x86_64
> samba-winbind-clients-3.6.23-35.el6_8.x86_64
> samba-winbind-3.6.23-35.el6_8.x86_64
>
> [global]
>     workgroup = ABC
>     realm = ABC.COM <http://ABC.COM>
>     security = ADS
>     restrict anonymous = 1
>     log file = /var/log/samba/log.%m
>     max log size = 50
>     client signing = required
>     server signing = Yes
>     socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
>     dns proxy = No
>     wins server = x.x.x.x
>     socket address = x.x.x.x
>     winbind separator = +
>     winbind enum users = Yes
>     winbind enum groups = Yes
>     idmap config * : range = 10000-20000
>     idmap config * : backend = tdb
>
> On Thu, Jul 14, 2016 at 11:47 AM, Rowland penny <rpenny at samba.org 
> <mailto:rpenny at samba.org>> wrote:
>
>     On 14/07/16 09:34, Shaun Glass wrote:
>
>         Good Day All,
>
>         We have an issue where the following in smb.conf :
>
>         idmap uid = 10000-20000
>
>         ... it is resulting in assigned id's clashing with id's in
>         passwd. What are
>         the repercussions should we change to say the following :
>
>         idmap uid = 20000-30000
>
>         Many thanks.
>
>         Regards
>
>         Shaun
>
>
>     What version of Samba ?
>     idmap uid (and gid) are depreciated in later versions of Samba, it
>     may help if you post the entire [global] section of your smb.conf.
>
>     What ever the version of Samba, raising the lower level wouldn't
>     really be a good idea, any saved files belonging to an ID in the
>     range 10000-20000 would lose their owners.
>
>     Rowland
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>

You initially asked about 'idmap uid', but I don't see it in your 
smb.conf, what I do see is:

     idmap config * : range = 10000-20000
     idmap config * : backend = tdb

The '*' is for the BUILTIN users & groups etc
I don't see anything for the Domain users & groups, are you also running 
sssd ?
If so, you don't need winbind.

Rowland

More information about the samba mailing list