[Samba] Domain member server: user access

Rowland Penny rpenny at samba.org
Mon Oct 9 19:57:32 UTC 2017

On Mon, 9 Oct 2017 21:35:39 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> Am 2017-10-09 um 21:04 schrieb Rowland Penny via samba:
> > It isn't supposed to work like this and it didn't used to work like
> > this.
> Then the software shouldn't allow me to do so and/or give useful 
> feedback, don't you agree?

I don't see how you could be stopped from doing this, when a user or
group first contacts a DC, it is given an 'xidNumber' attribute in
idmap.ldb, containing the next available number in the 3000000' range.
If you decide to give this user or group a uidNumber or gidNumber
attribute, this should be used instead, which is what happens when you
run 'net cache flush'. The problem is, you shouldn't have to run the
'net' command at all and you didn't used to have to. If we could narrow
it down to when it started not working correctly, it might help.


More information about the samba mailing list