[Samba] Failed to find domain Unix Group
Carlos A. P. Cunha
carlos.hollow at gmail.com
Thu Jul 14 12:32:55 UTC 2016
Hello!
Any opinion on that?
Thank you
Em 13-07-2016 10:52, Carlos A. P. Cunha escreveu:
>
> Thank you for the explanation.
> Yes, it was a mistake to leave my two faxias that way, by the ID
> exchange reason the low range will leave as it was to have no problems
> idmap config SERVERAD: range = 5000-33554431
>
> The range of up'm thinking of changing to something
> idmap config *: range = 2000-4500
>
> Not to be superimposed.
>
> But it will it not cause problem ids trading again? Since it was
> before both inciado in 50000
>
> The procimo server will not make this mistake.
>
> Final doubt, I promise heheh :-D
>
> Thanks
>
>
> Em 13-07-2016 10:32, Rowland penny escreveu:
>> On 13/07/16 13:33, Carlos A. P. Cunha wrote:
>>>
>>> I got it, so it must have been the problem ..
>>> Strange that changed it more than one month at least.
>>> Having these values now, how do you think I do?
>>> Leave it or change at least the idmap config * values: range?
>>>
>>> I understand the parameters:
>>>
>>> idmap config *: range = Range of the Ids are User system
>>>
>>> idmap config SERVERAD: range: DC User Range
>>>
>>> Thank you
>>>
>>>
>>> Em 13-07-2016 05:16, Rowland penny escreveu:
>>>> On 13/07/16 03:20, Carlos A. P. Cunha wrote:
>>>>>
>>>>> Can return old id, returning the old values (changed the most at
>>>>> least two months)
>>>>>
>>>>> idmap config *: backend = tdb
>>>>> idmap config *:range = 5000-16777216
>>>>> idmap config SERVERAD: backend = rid
>>>>> idmap config SERVERAD: range = 5000-33554431
>>>>>
>>>>> The error parrou also, but I think the fact that a group with the
>>>>> same ID / GID if the User to the fact that the idmap values be
>>>>> crossing, even so I changed them (mentioned above)
>>>>>
>>>>> Thank you
>>>>>
>>>>>
>>>>
>>>> Do not change the lower range value on a Samba fileserver once set,
>>>> you can raise the upper value, but there is a proviso, the ranges
>>>> must not overlap. This means your lines above are invalid, they
>>>> both start at '5000' and the entire '*' range is inside the
>>>> 'SERVERAD' range.
>>>>
>>>> If you change the lower range and you are using the 'rid' backend,
>>>> all your IDs will change.
>>>>
>>>> Rowland
>>>>
>>>
>>
>> OK, you need to find out just who owns what on your systems, if you
>> find that something belongs to a number or to a user that it
>> shouldn't, then you have problems.
>>
>> If you look on the Samba wiki page for setting up a domain member,
>> you will find this for using the 'rid' backend:
>>
>> # Default idmap config used for BUILTIN and local accounts/groups
>> idmap config *:backend = tdb
>> idmap config *:range = 2000-9999
>>
>> # idmap config for domain SAMDOM
>> idmap config SAMDOM:backend = rid
>> idmap config SAMDOM:range = 10000-99999
>>
>> The ranges were chosen for a reason, the '*' range '2000-9999' is
>> large enough for any windows SID-RIDS that need mapping and leaves
>> room below the range for any local Unix users that may be required.
>> The domain range starts at '10000', this is also the standard start
>> number if you use ADUC & the Unix Attributes tab. If needed, the
>> range can be extended by raising '99999' to whatever is required,
>> this can be done whenever required, just don't change '10000'
>>
>> If practicable, you could use the above ranges, but if it takes less
>> work to keep the ranges you are using now, then stay with them, what
>> I am trying to say is, go with whatever is easiest, just make sure
>> that ranges do not overlap.
>>
>> Rowland
>>
>
More information about the samba
mailing list