[Samba] Samba AD-DC idmap config
Rowland penny
rpenny at samba.org
Wed Oct 16 20:05:44 UTC 2019
On 16/10/2019 20:37, John Redmond via samba wrote:
> Rowland - Thanks. The idmap lines belong in the file-server domain member,
> not the domain controller, right?
Yes, they are perfectly valid on a Unix domain member.
>
> Using ADUC on a Windows 10 machine, do you have any guidance on what GIDs
> and UIDs (numbers and range) to use in setting the default AD users and
> groups? In setting the "idmap config * : range= " in the smb.conf file
> on the file server what range should I use? I assume that is for the
> Linux/local users on the file server instead of the domain users.
>
There are two ranges you need to set, the '*' domain for the Well Known
SIDs and the 'DOMAIN' (where 'DOMAIN' is your AD domain) range. It might
help if you read this:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
That explains it without having to type it whole over again ;-)
The only thing to stress is, the only one of the AD Well Known SIDS that
must have a Unix ID is the 'Domain Users' group which must have a gidNumber.
Rowland
More information about the samba
mailing list