[Samba] Slow, Incorrect Group Resolution through Winbind
Rowland Penny
rpenny at samba.org
Wed Sep 13 16:22:21 UTC 2017
On Wed, 13 Sep 2017 11:58:27 -0400
Sonic <sonicsmith at gmail.com> wrote:
> On Wed, Sep 13, 2017 at 11:32 AM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > On Wed, 13 Sep 2017 11:18:59 -0400
> > Sonic via samba <samba at lists.samba.org> wrote:
> >
> >> Should be more like:
> >> idmap config STUDENTS : range = 16777216-33554431
> >> idmap config STUDENTS : backend = tdb
> >>
> >> ...plus something like:
> >> idmap config * : range = 10000-20000
> >> idmap config * : backend = tdb
> >> ... using a different range than configured for STUDENTS.
> >>
> >> Again "man smb.conf" is your friend.
> >
> > Obviously not, from the above ;-)
> >
> > I would expect something like:
> >
> > idmap config * : backend = tdb
> > idmap config * : range = 3000-7999
> > idmap config STUDENTS : backend = rid
> > idmap config STUDENTS : range = 16777216-33554431
> >
>
> Are you stating that only one assignment of tdb can be defined? I use
> the rid backend for the domains that are hosted on another server but
> wasn't sure whether or not multiple tdb backend assignments were
> allowed. Although I've never tried it, the man page does not appear to
> state that tdb cannot be used for multiple backends. But I'm reading
> the man page for 4.7.0rc5 which may be different.
>
> Chris
For the '*' domain you should only the tdb backend (note, you cannot
use the rid backend).
For the 'DOMAIN' domain you can use several different backends (rid, ad
etc) but I wouldn't use the tdb backend, how are you going to be sure
you will get the same IDs on all Unix machines ?
If you use the 'rid' backend and the same range on all Unix machines,
you will get the same IDs without having to add anything to AD.
Rowland
More information about the samba
mailing list