[Samba] samba 4 joining samba 3 pdc - group mismatch

Rowland Penny rpenny at samba.org
Thu May 3 07:40:37 UTC 2018

On Wed, 2 May 2018 19:21:46 -0300
"Ethy H. Brito" <ethy.brito at inexo.com.br> wrote:

This is where it is all going wrong, Your PDC isn't using LDAP, so
you will have to rely on the winbind 'rid' backend. The lines below are
wrong in several ways:

>    idmap uid = 100000-200000
>    idmap gid = 100000-200000
>    idmap cache time = 60
>    idmap config *:range = 100000-200000
>    idmap config *:backend = rid

'idmap uid' & 'idmap gid' are deprecated, you should use the 'idmap
config' lines
The ranges overlap
You cannot use the 'rid' backend with the '*' domain
You will never get the same IDs on the PDC and Unix domain member (this
isn't really a problem)

Try it like this:

   idmap config *:range = 3000-7999
   idmap config *:backend = tdb
   idmap config PEGASE:range = 100000-200000
   idmap config PEGASE:backend = rid

I feel I should also warn you that Microsoft is making it harder &
harder to use Windows with an NT4-style domain, you really should
consider upgrading to AD.


More information about the samba mailing list