[Samba] winbind BUILTIN config
Mircea Husz
mirceahusz at yahoo.com
Mon Jan 30 15:49:51 UTC 2017
That makes sense. I didn't realize that IDs for BUILTIN accounts are not identical between DCs.
Since they are not identical they need to be mapped to a consistent set.
Thank you for the explanation.
On Friday, January 27, 2017 4:57 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:
On Fri, 27 Jan 2017 22:00:11 +0000 (UTC)
Mircea Husz <mirceahusz at yahoo.com> wrote:
> Hi Roland,
>
> Thank you for the explanation.
> Allow me to press the point, I'd like to understand what I'm doing.
> Is there value in me remapping them from their 3000000 - range
You can use the 3000000 range if you want to, but most people change
it. One reason for this is you can (and will) get different IDs on DCs
if you use the xidNumbers that a DC creates, so, to be sure you are
using the correct IDs, it is easier to change the range you use for the
uidNumber & gidNumber attributes.
> default as I see it on the AD server? What is the reason for
> specifying a lower range such as 3000-7999 ?
Good question, most people seem to put the '*' range above the DOMAIN
range, now for most uses this wouldn't be a problem, but if you set
the DOMAIN range to '10000-999999' and the '*' range to
'1000000-1009999', what will you do if you get to a user that needs
the uidNumber 1000000 ?? If the '*' range is below the DOMAIN range,
it is easy to just increase the last number in the DOMAIN range and
this will have no affect on anything else.
But you can use whatever ranges you like, it is your domain ;-)
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list