Vinicius Bones Silva vbs at e-trust.com.br
Tue Nov 1 12:52:27 UTC 2016

I'm not sure I understood the question. Uncommenting the lines or commenting them yelds 
the same results, as long as "idmap_ldb:use rfc2307 = yes" is kept in place.  Commenting 
it as well changes the ids to the 3 million range. Cleaning the caches did not affect the 

Em 29/10/2016 07:31, Andrew Bartlett via samba escreveu:
> On Thu, 2016-10-27 at 17:23 -0200, Vinicius Bones Silva via samba
> wrote:
>> Hi Rowland,
>>       Just to let you know, we removed all the idmap entries we had on
>> the smb.conf of our
>> two DCs and the ids reported by getent passwd at the DCs were in the
>> 3.000.000 range, as
>> you said. We had to add back 'idmap_ldb:use rfc2307 = yes' to get the
>> user listing with
>> the original numbers on the DCs.
>> Here's what we commented out on the configurationfiles.
>>           # Default idmap config used for BUILTIN and local
>> accounts/groups
>>           #idmap config *:backend = ad
>>           #idmap config *:range = 2000-9999
>>           # idmap config for domain E-TRUST
>>           #idmap config E-TRUST:backend = ad
>>           #idmap config E-TRUST:schema_mode = rfc2307
>>           #idmap config E-TRUST:range = 10000-40000
>>           #idmap cache time = 1
>>           #idmap negative cache time = 1
>>           #winbind cache time = 1
>>           idmap_ldb:use rfc2307 = yes
>> Regards,
>> Vinicius.
> Can you confirm that it still fails with that configuration?
> You may need to flush the caches.  'net cache flush'.
> I certainly can see how having those set would have broken things,
> because we now enforce the range if set whereas 4.4 just ignored them.
> Thanks,
> Andrew Bartlett
> -- 
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


Vinicius Silva

BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs at e-trust.com.br
skype: vinicius.bones.silva


	Smiley face

www.e-trust.com.br <http://www.e-trust.com.br/>

Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta 
mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com 
base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a 
E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou 
informações contidas nesta mensagem não necessariamente refletem a posição oficial da 
E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada 
pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.

This message may contain privileged and confidential information for the use of the 
intended recipients only. If you are not an intended recipient then you should not 
disseminate, copy, or take any action based on its contents. If you have received this 
message in error then please notify E-TRUST by sending an e-mail message to 
suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not 
necessarily reflect the position of E-TRUST. If this message is digitally signed, its 
authenticity can be confirmed by E-TRUST Private Certificate Authority, available at 

More information about the samba mailing list