[Samba] Linux multiple member server

Rowland Penny rpenny at samba.org
Sun Sep 23 21:01:11 UTC 2018


On Sun, 23 Sep 2018 15:31:06 -0500
Robert Wooden via samba <samba at lists.samba.org> wrote:

> Good to hear I was correct about all members having same ranges.
> 
> Now, I have had this idmap sequence order for years in my smb.conf
> files and have copy pasted always moving forward.
> 
> Sorry if I am misunderstanding you but, you're saying invert them,
> listing the SAMDOM first followed by the "*"?
> 
> like this example?
> 
> idmap config SAMDOM : backend = rid
> idmap config SAMDOM : range = 10000-40000
> idmap config * : backend = tdb
> idmap config * : range = 50001-80000
> 

Er, no, you are stuck with the above on an existing Unix
domain member, but on new Unix domain members I would use this:

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-80000

The '*' domain is for the 'Well Known SIDs' and anything outside of the
'SAMDOM' domain and there are fewer than 200 'Well Known SIDs', so 4999
IDs should be more than enough.
When it comes to the 'SAMDOM' domain, if you do reach the user ID
'80001', this wouldn't be a problem with my suggested lines, just
change the '80000' to '90000'. If the '*' domain is above the 'SAMDOM'
domain, then you are limited to the difference between the high number
for the 'SAMDOM' range and the low number for the '*' range. In your
case '40000' and '50001', for most people this might not be a problem,
but for some, it would be a big problem.

Rowland
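
The range arithmetic from the reply above, as an added example (not part of the original message and not Samba's own tooling): a Python check that reads the `idmap config ... : range` lines, reports overlapping ranges, and computes how far a domain's upper bound can be raised before it reaches the next range. The function names are hypothetical and the two embedded samples are constructed from the configurations quoted in this thread.

```python
import re

# Constructed samples: the two layouts quoted in the thread.
EXISTING = """\
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-40000
idmap config * : backend = tdb
idmap config * : range = 50001-80000
"""
SUGGESTED = """\
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-80000
"""

RANGE_RE = re.compile(
    r"^\s*idmap config\s+([^\s:]+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def parse_ranges(conf):
    """Return {domain: (low, high)} for every idmap range line."""
    ranges = {}
    for line in conf.splitlines():
        if line.lstrip().startswith(("#", ";")):  # smb.conf comment lines
            continue
        m = RANGE_RE.match(line)
        if m:
            low, high = int(m.group(2)), int(m.group(3))
            if low > high:
                raise ValueError(f"inverted range for {m.group(1)}: {low}-{high}")
            ranges[m.group(1)] = (low, high)
    return ranges

def overlaps(ranges):
    """Return (domain_a, domain_b) pairs whose ID ranges share any ID."""
    items = sorted(ranges.items(), key=lambda kv: kv[1])
    return [(a, b) for i, (a, ra) in enumerate(items)
            for b, rb in items[i + 1:] if rb[0] <= ra[1]]

def growth_ceiling(ranges, domain):
    """Highest value the domain's upper bound can be raised to before it
    reaches another range; None when no other range sits above it."""
    high = ranges[domain][1]
    above = [lo for d, (lo, _) in ranges.items() if d != domain and lo > high]
    return min(above) - 1 if above else None

if __name__ == "__main__":
    for name, conf in (("existing", EXISTING), ("suggested", SUGGESTED)):
        r = parse_ranges(conf)
        print(name, r, "overlaps:", overlaps(r),
              "SAMDOM ceiling:", growth_ceiling(r, "SAMDOM"))
```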
 


