[Samba] suddenly change: idmap uid + gid

Alexey A Nikitin nikitin at amazon.com
Mon Nov 4 18:52:01 UTC 2019

On Sunday, 3 November 2019 01:41:18 PST Rowland penny via samba wrote:
> As I said, you cannot use 'winbind use default domain = yes' with 
> 'autorid', it makes all users and groups members of the same domain, 
> this is probably what has happened here.
> Remove the line, this should stop it happening again
> If you have only one domain, then you shouldn't be using autorid, you 
> should be using rid instead, unfortunately it is probably too late now.

Is it OK to use autorid for * when you have rid configured for the domain of your primary user on a given machine? E.g., if there is a forest of, say, users.example.com, dom1.example.com, dom2.example.com, and the primary user of the machine is in users.example.com, is it OK to have config like this:
        idmap config * : backend = autorid
        idmap config * : range = <range>
        idmap config * : rangesize = <subrange>
        idmap config USERS : backend = rid
        idmap config USERS : range = <range>

If yes, what about the same config for the case when USERS (users.example.com) is the only domain? My understanding is in a single domain situation this config shouldn't cause any issues with 'winbind use default domain = true', and in the multiple domains situation this would cause trouble authenticating users from domains other than USERS but should work OK for the primary domain, is that correct?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba/attachments/20191104/ee927459/signature.sig>

More information about the samba mailing list