[Samba] DHCP-DNS problems

Rowland Penny rpenny at samba.org
Mon Jan 8 17:42:57 UTC 2018

On Mon, 8 Jan 2018 17:14:57 +0000
Kristján Valur Jónsson <kristjan at rvx.is> wrote:

> On 2 January 2018 at 17:03, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> > smb.conf seems to be missing 'idmap_ldb:use rfc2307  = yes'
> >
> > Is this necessary?  The recent windows remote tools lack the
> > ability to
> easily edit these fields.
> Also, see this from the wiki,
> https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
> "It is recommended not to use those mappings on the DCs. The default
> idmap ldb mechanism is fine for domain controllers and less error
> prone."

You can add 'idmap_ldb:use rfc2307  = yes' to DCs, the main problem is
that a DC can only obtain the users uidNumber and primarygroupid from
If you use the default idmap ldb on DCs, this also has problems, you
are very likely to get different ID numbers on different DCs unless you
sync idmap.ldb from the first DC to all others, You will also get yet
another ID on Unix domain members if you use the winbind 'rid' backend.
The only way to get consistent IDs everywhere is to use the winbind
'ad' backend.


More information about the samba mailing list