[Samba] Samba 4.6 ID Mapping clarification

Paul R. Ganci ganci at nurdog.com
Sat Mar 18 18:59:00 UTC 2017

Recently there has been a lot of chatter of where and when to specify ID 
mapping ranges. In fact, the wiki is quite explicit now:

    /"ID mapping back ends are not supported in the smb.conf file on a
    Samba Active Directory (AD) domain controller (DC)."/

I also saw a recommendation on this list to run testparm to check the 
smb.conf for problems after upgrading to Samba 4.6. Last night I 
upgraded my AD DC and ran testparm. I get this result:

 > testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[Profiles]"
Processing section "[home]"
Loaded services file OK.
idmap range not specified for domain '*'
ERROR: Invalid idmap range for domain *!


<snipped dump of service definitions>

Note the two lines indicating that the idmap range is not specifed for 
domain '*' and that is flagged as an error. Is this a bug in testparm 
program which should not be flagging the idmap range or is it only idmap 
ranges for the AD DC domain that should not be mapped. I did not add any 
idmap ranges at all in my AD DC smb.conf. It would seem to me that given 
the explicit wiki statement that the testparm check is buggy.

For the record I am running Sernet Samba 4.6 on a CentOS 6.8 system.


More information about the samba mailing list