[Samba] [samba] idmap question
rpenny at samba.org
Thu Aug 10 10:08:55 UTC 2017
On Thu, 10 Aug 2017 11:44:26 +0200
mathias dufresne via samba <samba at lists.samba.org> wrote:
> Hi all,
> What is the real purpose if the following lines when using idmap-rid
> or idmap-ad:
> # Default idmap config for local BUILTIN accounts and groups
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> When using the next two lines
> # idmap config for the SAMDOM domain
> idmap config SAMDOM : backend = rid [or ad]
> idmap config SAMDOM : range = 10000-999999
> AD users will be in range 10000-999999, /etc/passwd would be in range
> 0-2999, what kind of users would be added in range 3000-7999?
the '*' range is for the 'BUILTIN' users and groups (more info here:
It is also used for trusted domains that do not have an idmap config
range set in smb.conf.
You can set the ID for a '*' user or group by giving it a uidNumber or
gidNumber, this moves it to the 'DOMAIN' range, the most usual one to
move is 'Domain Users'
More information about the samba