[Samba] Samba 4.6 ID Mapping clarification

Rowland Penny rpenny at samba.org
Sat Mar 18 19:25:06 UTC 2017

On Sat, 18 Mar 2017 12:59:00 -0600
"Paul R. Ganci via samba" <samba at lists.samba.org> wrote:

> Recently there has been a lot of chatter of where and when to specify
> ID mapping ranges. In fact, the wiki is quite explicit now:
>     /"ID mapping back ends are not supported in the smb.conf file on a
>     Samba Active Directory (AD) domain controller (DC)."/
> I also saw a recommendation on this list to run testparm to check the 
> smb.conf for problems after upgrading to Samba 4.6. Last night I 
> upgraded my AD DC and ran testparm. I get this result:
>  > testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384) Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[Profiles]"
> Processing section "[home]"
> Loaded services file OK.
> idmap range not specified for domain '*'
> ERROR: Invalid idmap range for domain *!
> <snipped dump of service definitions>
> Note the two lines indicating that the idmap range is not specifed
> for domain '*' and that is flagged as an error. Is this a bug in
> testparm program which should not be flagging the idmap range or is
> it only idmap ranges for the AD DC domain that should not be mapped.
> I did not add any idmap ranges at all in my AD DC smb.conf. It would
> seem to me that given the explicit wiki statement that the testparm
> check is buggy.
> For the record I am running Sernet Samba 4.6 on a CentOS 6.8 system.

Yes, it is a bug:



More information about the samba mailing list