[Samba] Winbind - NSS problem?
rpenny at samba.org
Wed May 30 17:58:16 UTC 2018
On Wed, 30 May 2018 18:59:50 +0200
Luciano Mannucci <luciano at vespaperitivo.it> wrote:
> On Wed, 30 May 2018 16:27:20 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
> > > workgroup = MCS2003
> > > idmap uid = 3000-8004
> > > idmap gid = 800-1988
> > The above two lines are deprecated
> > Add these lines instead:
> > idmap config * : backend = tdb
> > idmap config * : range = 10000-11000
> > > idmap config MCS2003 : backend = rid
> > > idmap config MCS2003 : range = 3000 - 8004
> > Change the above line to:
> > idmap config MCS2003 : range = 800-8004
> Will this change preserve my actual gid-uid mapping?
> If not I will have to reset manually the ownership of all the files of
> all the users, which might trigger a couple terabytes of backup
> otherwise totally useless...
> BTW, thank you for your valuable hints.
It will probably/possibly change some numeric IDs, which is why I said
to test it first and have backups to fall back on. The main problem is
the different ranges for 'idmap uid' & 'idmap gid'. Hopefully most of
the changes will be in the 'well known SIDS'. If the numeric IDs are
way out, then you might have to export the users and groups to a file
and then use the file to add uidNumber & gidNumber attributes to AD.
More information about the samba