[Samba] id map range overlap
Michael Hierweck
michael at hierweck.de
Mon Dec 23 09:46:37 UTC 2019
Hi all,
I'm using Samba (AD) under Debian Buster.
Testparm tells me the idmap of TDB and AD would overlap.
However the configured range don't.
Thanks in advance,
Michael
# testparm
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
ERROR: The idmap range for the domain * (tdb) overlaps with the range of KLEY (ad)!
Server role: ROLE_ACTIVE_DIRECTORY_DC
Press enter to see a dump of your service definitions
# Global parameters
[global]
dns forwarder = 192.168.100.250
passdb backend = samba_dsdb
realm = KLEY.HIERWECK.DE
server role = active directory domain controller
winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
workgroup = KLEY
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
winbindd:use external pipes = true
idmap config kley : range = 100-9999
idmap config kley : schema_mode = rfc2307
idmap config kley : unix_primary_group = yes
idmap config kley : unix_nss_info = yes
idmap config kley : backend = ad
idmap config kley : default = yes
idmap config * : range = 10000-999999999
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map acl inherit = Yes
map archive = No
vfs objects = acl_xattr
[netlogon]
path = /var/lib/samba/sysvol/kley.hierweck.de/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[...]
More information about the samba
mailing list