[Samba] Upgrade from 4.4.3 to 4.9.13, idmap question

Pablo Sanz Fernández psanz at empre.es
Tue Oct 22 09:56:18 UTC 2019


We have Samba 4.4.3, provisioned as an AD controller, compiled with the "./configure --with-shared-modules=idmap_ad" option.

The smb.conf has the following idmap configuration:

idmap_ldb:use rfc2307 = yes
idmap config EADOM:backend = ad
idmap config EADOM:schema_mode = rfc2307
idmap config EADOM:range = 500-149999

winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes

If we update to 4.9.13 (direct upgrade) or any version greater than 4.5, we know that we must remove the idmap lines from smb.conf, and also execute the command "samba-tool dbcheck --cross-ncs --fix --yes".

But does it have any implications for the ID mapping of user and computer accounts? Will a computer or user that was in AD before the update, and before the change to smb.conf removing the idmap section, keep its attributes such as objectSID untouched?

In summary, should we worry that some computer will leave the domain because the upgrade changes some of its account attributes in the AD?


Pablo Sanz
