[Samba] winbind BUILTIN config
Rowland Penny
rpenny at samba.org
Fri Jan 27 22:52:43 UTC 2017
On Fri, 27 Jan 2017 22:00:11 +0000 (UTC)
Mircea Husz <mirceahusz at yahoo.com> wrote:
> Hi Roland,
>
> Thank you for the explanation.
> Allow me to press the point, I'd like to understand what I'm doing.
> Is there value in me remapping them from their 3000000 - range
You can use the 3000000 range if you want to, but most people change
it. One reason for this is you can (and will) get different IDs on DCs
if you use the xidNumbers that a DC creates, so, to be sure you are
using the correct IDs, it is easier to change the range you use for the
uidNumber & gidNumber attributes.
> default as I see it on the AD server? What is the reason for
> specifying a lower range such as 3000-7999 ?
Good question, most people seem to put the '*' range above the DOMAIN
range, now for most uses this wouldn't be a problem, but if you set
the DOMAIN range to '10000-999999' and the '*' range to
'1000000-1009999', what will you do if you get to a user that needs
the uidNumber 1000000 ?? If the '*' range is below the DOMAIN range,
it is easy to just increase the last number in the DOMAIN range and
this will have no affect on anything else.
But you can use whatever ranges you like, it is your domain ;-)
Rowland
More information about the samba
mailing list