[Samba] Is Samba 4.9 and "map untrusted to domain" possible anymore?

Rowland penny rpenny at samba.org
Thu Jun 4 14:12:49 UTC 2020

On 04/06/2020 15:03, Harald Hannelius via samba wrote:
> On Thu, 4 Jun 2020, Rowland penny via samba wrote:
>> On 04/06/2020 13:49, Harald Hannelius via samba wrote:
>>> Question 3)
>>> If I would enable trust between "AD" and "SAD", would users trying 
>>> to access files on a Samba fileserver be mapped to the uidNumber in 
>>> "SAD" DS? Or would they be mapped to something entirely else? I'm 
>>> not really understanding the idmap and identities it seems.
>> No, you would have to give one set of users new uidNumbers and create 
>> another 'idmap config' block in smb.conf. You could use autorid 
>> instead, but this would mean totally new ID's everywhere.
> Can't I just use the same idmap range for the "SAD" and "AD" domains? 
> They are, after all, the same users in both domains.


More information about the samba mailing list