[Samba] idmap config with rid backend

lingpanda101 lingpanda101 at gmail.com
Wed Apr 18 17:46:27 UTC 2018


     I traditionally use the 'ad' backend on member machines with 
rfc2307. I decided to give 'rid' a go on a server only performing 
authentication. Everything went well with join but I have a few 
questions. First my smb.conf on Ubuntu 16.04.4 LTS

         security = ADS
         workgroup = DOMAIN
         realm = DOMAIN.LOCAL

         log file = /var/log/samba/%m.log
         log level = 1

         idmap config * : backend = tdb
         idmap config * : range = 3000-7999
         idmap config DOMAIN : backend = rid
         idmap config DOMAIN : range 10000-999999

         winbind nss info = template
         template shell = /bin/bash
         template homedir = /home/%U

Output of 'getent group'

  getent group "DOMAIN\\Domain Users"
DOMAIN\domain users:x:10513:

Output of 'getent passwd'

getent passwd DOMAIN\\James
DOMAIN\James:*:14659:10513:James Test:/home/james:/bin/bash

My other member servers that utilize the 'ad' backend utilize the same 
DOMAIN range of 10000-999999 and I assign uid's and gid's via. RSAT.

  * Is it OK to run multiple member servers with different domain
    backends in a forest?
  * Is it OK to use the same range with different domain backends?



More information about the samba mailing list