[Samba] IDMAP Issue
Rowland penny
rpenny at samba.org
Thu Jul 14 12:26:22 UTC 2016
On 14/07/16 11:01, Shaun Glass wrote:
> ... as follows :
>
> rpm -qa | grep samba
> samba-3.6.23-35.el6_8.x86_64
> samba-common-3.6.23-35.el6_8.x86_64
> samba-winbind-clients-3.6.23-35.el6_8.x86_64
> samba-winbind-3.6.23-35.el6_8.x86_64
>
> [global]
> workgroup = ABC
> realm = ABC.COM <http://ABC.COM>
> security = ADS
> restrict anonymous = 1
> log file = /var/log/samba/log.%m
> max log size = 50
> client signing = required
> server signing = Yes
> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> dns proxy = No
> wins server = x.x.x.x
> socket address = x.x.x.x
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> idmap config * : range = 10000-20000
> idmap config * : backend = tdb
>
> On Thu, Jul 14, 2016 at 11:47 AM, Rowland penny <rpenny at samba.org
> <mailto:rpenny at samba.org>> wrote:
>
> On 14/07/16 09:34, Shaun Glass wrote:
>
> Good Day All,
>
> We have an issue where the following in smb.conf :
>
> idmap uid = 10000-20000
>
> ... it is resulting in assigned id's clashing with id's in
> passwd. What are
> the repercussions should we change to say the following :
>
> idmap uid = 20000-30000
>
> Many thanks.
>
> Regards
>
> Shaun
>
>
> What version of Samba ?
> idmap uid (and gid) are depreciated in later versions of Samba, it
> may help if you post the entire [global] section of your smb.conf.
>
> What ever the version of Samba, raising the lower level wouldn't
> really be a good idea, any saved files belonging to an ID in the
> range 10000-20000 would lose their owners.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
You initially asked about 'idmap uid', but I don't see it in your
smb.conf, what I do see is:
idmap config * : range = 10000-20000
idmap config * : backend = tdb
The '*' is for the BUILTIN users & groups etc
I don't see anything for the Domain users & groups, are you also running
sssd ?
If so, you don't need winbind.
Rowland
More information about the samba
mailing list