[Samba] Corrupted idmap...

Ryan Ashley ryana at reachtechfp.com
Wed Jan 25 16:52:53 UTC 2017


Alright, thanks for clearing that up and helping me through this. It did
convince the client to replace the failed backup server (lightning
destroyed it years ago) so this SHOULDN'T happen again. Still, new
domain, I get to rebuild the servers, fun stuff! Going to use BTRFS
RAID1 on the two server-disks with a Gentoo install and host Samba 4 AD
DC, DNS, DHCP, and VPN on it. Hopefully between weekly SMART checks and
BTRFS on two physical systems along with the knowledge I have now we
will not hit this issue again. Thank you for all of your help!

Lead IT/IS Specialist
Reach Technology FP, Inc

On 01/24/2017 02:04 PM, Rowland Penny via samba wrote:
> On Tue, 24 Jan 2017 13:45:16 -0500
> Ryan Ashley via samba <samba at lists.samba.org> wrote:
> 
>> OK, so let me get this straight in my head. I set the "idmap config"
>> ranges to the same range on every Unix/Linux box on the domain while
>> NOT setting those lines on the server itself. After that I can create
>> new users and give them a UID while NOT giving a UID to the built-in
>> accounts such as domain admin or domain guest. I then give each new
>> group I create a GID and the ONLY built-in group I can assign a GID to
>> is "Domain Users". I cannot assign a GID to "Domain Admins", "Domain
>> Guests", or any other group that comes with the domain. Doing this
>> should satisfy the *nix boxes and prevent the issue we had here. Is
>> this correct?
> 
> Well basically yes, except I would use 'shouldn't' instead of
> 'cannot', you can do it, but I wouldn't recommend it.
>  
> Rowland
> 
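
The layout confirmed in this thread (identical "idmap config" ranges on every Unix/Linux domain member, none of those lines on the DC itself) can be checked mechanically. The script below is an added example, not part of the original thread or of Samba; the host names, the SAMDOM domain and the ranges are constructed sample values.

```python
import re

# Matches "idmap config DOMAIN : option = value" and "server role = ..." lines.
IDMAP_RE = re.compile(r"^\s*idmap config\s+([^\s:]+)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.I)
ROLE_RE = re.compile(r"^\s*server role\s*=\s*(.+?)\s*$", re.I)

def parse_smb_conf(text):
    """Return (server_role, {domain: {option: value}}) from smb.conf text."""
    role, idmap = None, {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # skip comment lines
            continue
        m = ROLE_RE.match(line)
        if m:
            role = m.group(1).lower()
        m = IDMAP_RE.match(line)
        if m:
            idmap.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
    return role, idmap

def audit(configs):
    """configs: {hostname: smb.conf text}. Returns a sorted list of findings."""
    findings, ranges = [], {}
    for host, text in configs.items():
        role, idmap = parse_smb_conf(text)
        if role == "active directory domain controller":
            if idmap:  # the thread's advice: no idmap config lines on the DC
                findings.append(f"{host}: DC has 'idmap config' lines; remove them")
            continue
        for domain, opts in idmap.items():
            if "range" in opts:
                ranges.setdefault(domain, {}).setdefault(opts["range"], []).append(host)
    for domain, by_range in ranges.items():
        if len(by_range) > 1:  # members disagree on the range for this domain
            detail = "; ".join(f"{r} on {', '.join(sorted(h))}" for r, h in sorted(by_range.items()))
            findings.append(f"{domain}: ranges differ between members ({detail})")
    return sorted(findings)

# Constructed sample configurations (not taken from the thread).
MEMBER = """[global]
    security = ads
    idmap config * : range = 3000-7999
    idmap config SAMDOM : backend = ad
    idmap config SAMDOM : range = {rng}"""
DC = """[global]
    server role = active directory domain controller
    idmap config SAMDOM : range = 10000-999999"""
SAMPLE = {"dc1": DC, "files1": MEMBER.format(rng="10000-999999"),
          "files2": MEMBER.format(rng="20000-999999")}
```

Calling `audit(SAMPLE)` reports the mismatched SAMDOM range on the two members and the stray idmap line on the DC.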


