[Samba] Samba 4.6.5-Debian, authentication on a mix workgroup+domain

Marc-Henri Pamiseux marc-henri.pamiseux at libricks.org
Mon Jul 31 09:38:23 UTC 2017

Hi Louis,

Do the default idmap values must precede the idmap values of the
MYDOMAIN domain? May I write something like:
Idmap config *: backend = tdb
Idmap config *: range = 65000-65535
Idmap config MYDOMAIN: backend = ad
Idmap config MYDOMAIN: range = 500-3999

I think there is a problemn using user nobody as guest account while
nobody's id is 65534.

I think there is a problem in using nobody for the guest account
directive while its user ID is 65534.

As Rowland mention in 2017-07-25 :
"You now need to give your users a gidNumber containing the Unix ID
number of a group and the group would have to have a gidNumber attribute
containing the same number."

So, does it mean that user nobody who's gidNumber is "nogroup:x:65534:"
need to be included in this mapping ? Should it be as default mapping or
as domain mapping ?

Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
6 rue Léonard de Vinci - CS 20119, 53001 LAVAL Cedex
Tel. : / Mobile :

Le 31/07/2017 à 10:42, L.P.H. van Belle via samba a écrit :
> idmap config * : backend = tdb
> idmap config * : range = 500-999
> idmap config MYDOMAIN:backend = ad
> idmap config MYDOMAIN:range = 1000-3000300

More information about the samba mailing list