[Samba] Failed to find domain Unix Group
Rowland penny
rpenny at samba.org
Thu Jul 14 12:36:23 UTC 2016
On 14/07/16 13:32, Carlos A. P. Cunha wrote:
>
> Hello!
> Any opinion on that?
> Thank you
>
>
> Em 13-07-2016 10:52, Carlos A. P. Cunha escreveu:
>>
>> Thank you for the explanation.
>> Yes, it was a mistake to leave my two faxias that way, by the ID
>> exchange reason the low range will leave as it was to have no problems
>> idmap config SERVERAD: range = 5000-33554431
>>
>> The range of up'm thinking of changing to something
>> idmap config *: range = 2000-4500
>>
>> Not to be superimposed.
>>
>> But it will it not cause problem ids trading again? Since it was
>> before both inciado in 50000
>>
>> The procimo server will not make this mistake.
>>
>> Final doubt, I promise heheh :-D
>>
>> Thanks
>>
>>
>> Em 13-07-2016 10:32, Rowland penny escreveu:
>>> On 13/07/16 13:33, Carlos A. P. Cunha wrote:
>>>>
>>>> I got it, so it must have been the problem ..
>>>> Strange that changed it more than one month at least.
>>>> Having these values now, how do you think I do?
>>>> Leave it or change at least the idmap config * values: range?
>>>>
>>>> I understand the parameters:
>>>>
>>>> idmap config *: range = Range of the Ids are User system
>>>>
>>>> idmap config SERVERAD: range: DC User Range
>>>>
>>>> Thank you
>>>>
>>>>
>>>> Em 13-07-2016 05:16, Rowland penny escreveu:
>>>>> On 13/07/16 03:20, Carlos A. P. Cunha wrote:
>>>>>>
>>>>>> Can return old id, returning the old values (changed the most at
>>>>>> least two months)
>>>>>>
>>>>>> idmap config *: backend = tdb
>>>>>> idmap config *:range = 5000-16777216
>>>>>> idmap config SERVERAD: backend = rid
>>>>>> idmap config SERVERAD: range = 5000-33554431
>>>>>>
>>>>>> The error parrou also, but I think the fact that a group with the
>>>>>> same ID / GID if the User to the fact that the idmap values be
>>>>>> crossing, even so I changed them (mentioned above)
>>>>>>
>>>>>> Thank you
>>>>>>
>>>>>>
>>>>>
>>>>> Do not change the lower range value on a Samba fileserver once
>>>>> set, you can raise the upper value, but there is a proviso, the
>>>>> ranges must not overlap. This means your lines above are invalid,
>>>>> they both start at '5000' and the entire '*' range is inside the
>>>>> 'SERVERAD' range.
>>>>>
>>>>> If you change the lower range and you are using the 'rid' backend,
>>>>> all your IDs will change.
>>>>>
>>>>> Rowland
>>>>>
>>>>
>>>
>>> OK, you need to find out just who owns what on your systems, if you
>>> find that something belongs to a number or to a user that it
>>> shouldn't, then you have problems.
>>>
>>> If you look on the Samba wiki page for setting up a domain member,
>>> you will find this for using the 'rid' backend:
>>>
>>> # Default idmap config used for BUILTIN and local accounts/groups
>>> idmap config *:backend = tdb
>>> idmap config *:range = 2000-9999
>>>
>>> # idmap config for domain SAMDOM
>>> idmap config SAMDOM:backend = rid
>>> idmap config SAMDOM:range = 10000-99999
>>>
>>> The ranges were chosen for a reason, the '*' range '2000-9999' is
>>> large enough for any windows SID-RIDS that need mapping and leaves
>>> room below the range for any local Unix users that may be required.
>>> The domain range starts at '10000', this is also the standard start
>>> number if you use ADUC & the Unix Attributes tab. If needed, the
>>> range can be extended by raising '99999' to whatever is required,
>>> this can be done whenever required, just don't change '10000'
>>>
>>> If practicable, you could use the above ranges, but if it takes less
>>> work to keep the ranges you are using now, then stay with them, what
>>> I am trying to say is, go with whatever is easiest, just make sure
>>> that ranges do not overlap.
>>>
>>> Rowland
>>>
>>
>
Sorry, didn't realise you were asking a question :-[
As long as the ranges do not overlap and you can work around any
possible problems (note: I am not saying you will have problems, but
possibly may have problems), then, the range you suggest will work.
Rowland
More information about the samba
mailing list