[Samba] id map range overlap

[Michael Hierweck]

Hi all,

I'm using Samba (AD) under Debian Buster.

Testparm tells me the idmap of TDB and AD would overlap.
However the configured range don't.

Thanks in advance,

Michael



# testparm
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
ERROR: The idmap range for the domain * (tdb) overlaps with the range of KLEY (ad)!

Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
	dns forwarder = 192.168.100.250
	passdb backend = samba_dsdb
	realm = KLEY.HIERWECK.DE
	server role = active directory domain controller
	winbind enum groups = Yes
	winbind enum users = Yes
	winbind nss info = rfc2307
	workgroup = KLEY
	rpc_server:tcpip = no
	rpc_daemon:spoolssd = embedded
	rpc_server:spoolss = embedded
	rpc_server:winreg = embedded
	rpc_server:ntsvcs = embedded
	rpc_server:eventlog = embedded
	rpc_server:srvsvc = embedded
	rpc_server:svcctl = embedded
	rpc_server:default = external
	winbindd:use external pipes = true
	idmap config kley : range = 100-9999
	idmap config kley : schema_mode = rfc2307
	idmap config kley : unix_primary_group = yes
	idmap config kley : unix_nss_info = yes
	idmap config kley : backend = ad
	idmap config kley : default = yes
	idmap config * : range = 10000-999999999
	idmap_ldb:use rfc2307 = yes
	idmap config * : backend = tdb
	map acl inherit = Yes
	map archive = No
	vfs objects = acl_xattr


[netlogon]
	path = /var/lib/samba/sysvol/kley.hierweck.de/scripts
	read only = No


[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

[...]