[Samba] Corrupted idmap...

Rowland Penny rpenny at samba.org
Sun Jan 22 09:58:11 UTC 2017

On Sat, 21 Jan 2017 19:15:51 -0500
Ryan Ashley via samba <samba at lists.samba.org> wrote:

> I am still slightly confused here. I set these options on the domain
> members (no clue how on earth to do this on a NAS) but how does it
> match up? I would think the server has to have the UID/GID info so
> each workstation has the same UID/GID for whatever user or group. If
> user A logs into station 1 and gets the first UID there, but he is
> the second user to login to station 2 he gets the second UID there.
> Am I missing the big picture here?

Whilst you can give a workstation a uidNumber, it isn't really needed,
but if you feel you must, then you will also need to give the
workstations primary group 'Domain Computers' a gidNumber.

If you are using the winbind 'ad' backend, then (provided 'Domain
Users' has a gidNumber and the same 'idmap config' lines are used on
all Unix domain members) your users (that have a uidNumber) should get
the same UID on every Unix domain member, the same goes for groups.

There is also the winbind 'rid' backend, this calculates the user or
group ID from the user/group RID and again (provided the same 'idmap
config' lines are used on all Unix domain members) the IDs will be the

The only problem with using the 'rid' backend is that it cannot be
used on a DC. This means that the only way to get the same user or
group ID on all Unix computers is to use the 'ad' backend.

I have no idea how to set up your NAS, mainly because I don't know
what NAS you are using, but you will probably have to manually edit the


More information about the samba mailing list