[Samba] Corrupted idmap...

Rowland Penny rpenny at samba.org
Tue Jan 24 19:04:23 UTC 2017

On Tue, 24 Jan 2017 13:45:16 -0500
Ryan Ashley via samba <samba at lists.samba.org> wrote:

> OK, so let me get this straight in my head. I set the "idmap config"
> ranges to the same range on every Unix/Linux box on the domain while
> NOT setting those lines on the server itself. After that I can create
> new users and give them a UID while NOT giving a UID to the built-in
> accounts such as domain admin or domain guest. I then give each new
> group I create a GID and the ONLY built-in group I can assign a GID to
> is "Domain Users". I cannot assign a GID to "Domain Admins", "Domain
> Guests", or any other group that comes with the domain. Doing this
> should satisfy the *nix boxes and prevent the issue we had here. Is
> this correct?

Well basically yes, except I would use 'shouldn't' instead of
'cannot', you can do it, but I wouldn't recommend it.

More information about the samba mailing list