[Samba] Samba user mapping DC <-> DC Member

Rowland Penny rpenny at samba.org
Thu Feb 2 16:00:32 UTC 2017


On Thu, 2 Feb 2017 16:39:08 +0100
basti via samba <samba at lists.samba.org> wrote:

> I have added
> 
> idmap config * : backend = tdb
> idmap config * : range = 1-512
> 
> and changed
> 
> idmap config kes:range = 512-999999
> 
> Restart winbind and there is still the same problem.
> 
> 

Not really surprised, by using '1-512', you have ensured that the well
known SIDs will get the same IDs as the Unix system users and groups,
again not a good idea.

If you look in /etc/nsswitch.conf, you should see that the 'passwd' and
'group' lines should look like this:

	passwd: files winbind
	group: files winbind

NOTE: 'files' may be 'compat', but they both mean the same thing, which
is that when a user connects, it is first checked to see if it exists
in /etc/passwd and if not found, winbind is asked.

In the past, it wasn't thought to be wrong to use such low ID numbers,
but now it has been shown to be a bad idea.

Please read and try to understand the wiki.

Rowland
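
Added example (not part of the original message, and not Samba code): a small Python check for the two problems discussed in this thread, idmap ranges that overlap each other and local IDs that fall inside an idmap range. The smb.conf lines are the ones quoted above; the passwd entries and all function names are constructed for illustration.

```python
import re

# Constructed sample input: the idmap lines quoted in the thread.
SMB_CONF = """\
[global]
    idmap config * : backend = tdb
    idmap config * : range = 1-512
    idmap config kes:range = 512-999999
"""

# Constructed sample of local accounts in /etc/passwd format.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
basti:x:1000:1000::/home/basti:/bin/bash
"""

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each 'idmap config DOMAIN : range' line."""
    hits = filter(None, map(RANGE_RE.match, conf_text.splitlines()))
    return {m.group(1): (int(m.group(2)), int(m.group(3))) for m in hits}

def parse_local_ids(passwd_text):
    """Return {name: uid} from passwd-format text."""
    rows = (l.split(":") for l in passwd_text.splitlines() if l.count(":") >= 2)
    return {f[0]: int(f[2]) for f in rows if f[2].isdigit()}

def find_collisions(ranges, local_ids):
    """List range/range overlaps and local IDs that fall inside an idmap range."""
    problems = []
    doms = sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            lo, hi = max(ranges[a][0], ranges[b][0]), min(ranges[a][1], ranges[b][1])
            if lo <= hi:  # ranges are inclusive, so sharing one ID is an overlap
                problems.append(("range-overlap", a, b, lo, hi))
        for name, uid in sorted(local_ids.items()):
            if ranges[a][0] <= uid <= ranges[a][1]:
                problems.append(("local-id-in-range", a, name, uid, uid))
    return problems

if __name__ == "__main__":
    for p in find_collisions(parse_idmap_ranges(SMB_CONF), parse_local_ids(PASSWD)):
        print(p)
```

On the sample input this reports the shared ID 512 between the '*' and 'kes' ranges, and the local accounts whose UIDs sit inside either range. With 'files winbind' in nsswitch.conf the local entry is found first for any such ID.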




