[Samba] Understanding idmap config
rpenny at samba.org
Fri Feb 3 16:20:14 UTC 2017
On Fri, 3 Feb 2017 17:06:07 +0100
basti via samba <samba at lists.samba.org> wrote:
> In my Samba NT4 I have some low UIDs. Rowland Penny suggested setting it
> higher. So far OK.
> I configured my AD member as follows:
> # Default ID mapping configuration for local BUILTIN accounts
> # and groups on a domain member. The default (*) domain:
> # - must not overlap with any domain ID mapping configuration!
> # - must use a read-write-enabled back end, such as tdb.
> idmap config * : backend = tdb
> idmap config * : range = 1000-6999
> # idmap config for the SAMDOM domain
> idmap config foo:backend = ad
> idmap config foo:schema_mode = rfc2307
> idmap config foo:range = 7000-999999
> After I flush the cache with "net cache flash" I can see the same uid
> on my member as on my AD DC. So far OK, that is what I want.
> The uid I see from LDAP is 1007.
> What does the config * mean?
> Why can I see a user with uid 1007 from domain when domain start at
The '*' domain is for what is known as the 'Well Known SIDs' and
anything not in the 'FOO' domain.
See here for the Well Known SIDs:
You don't really need to see them, they are (mostly) not needed on a