[Samba] Samba user mapping DC <-> DC Member

Rowland Penny rpenny at samba.org
Thu Feb 2 16:00:32 UTC 2017

On Thu, 2 Feb 2017 16:39:08 +0100
basti via samba <samba at lists.samba.org> wrote:

> I have add
> idmap config * : backend = tdb
> idmap config * : range = 1-512
> and change
> idmap config kes:range = 512-999999
> Restart winbind and there is still the same problem.

Not really surprised, by using '1-512', you have ensured that the well
know SIDs will get the same IDs as the Unix system users and groups,
again not a good idea.

If you look in /etc/nsswitch.conf , you should see that the 'passwd' and
'group' lines should look like this:

	passwd: files winbind
	group: files winbind

NOTE: 'files' may be 'compat', but they both mean the same thing, which
is that when a user connects, it is first checked to see if it exists
in /etc/passwd and if not found, winbind is asked.

In the past, it wasn't thought to be wrong to use such low ID numbers,
but now it is has been shown to be a bad idea.

Please read and try to understand the wiki.


More information about the samba mailing list