[Samba] samba domain member strange behavior lost users and shares

Rowland penny rpenny at samba.org
Fri Jan 10 11:37:19 UTC 2020

On 10/01/2020 11:09, basti via samba wrote:
> alf is an old domain user, not need it anymore. so i have change the
> range to
>   idmap config * : range = 1000-2000
>   idmap config SAMDOM:range = 2001-999999
As you are using the winbind 'ad' backend, you have probably just cut 
off any users between 1006-1999 and if the gidNumber for 'Domain Users' 
is inside '1006-1999', you will now ignore all your users.
> But i do not think that this is the problem, the config before work for
> a log time.
> perhaps something is wrong with kerberos / keytab?

Possibly, but the idea behind 'winbind refresh tickets = yes' is that 
when a user connects and their ticket has expired, it is refreshed.

I take it this domain was classicupgraded from an NT4-style domain.


More information about the samba mailing list