[Samba] Need help with roaming profiles

Rowland penny rpenny at samba.org
Tue Jun 30 09:23:17 UTC 2020

On 30/06/2020 09:50, Anders Östling wrote:

>> You have 'workgroup = HPLTS' and 'idmap config dg11', again, they must match
> As I wrote in the previous reply, that was a mistake from the initial
> deployment. However, I have a copy of the VM and when I corrected DG11
> to HLPTS and restarted the services, this happes:
> getent group "Oldgroup" returns a value in the 10000 range (as
> specified in the idmap config * statement).
If 'oldgroup' isn't in the the 'HLPTS' domain, this is to be expected.
> I now created a new group in the domain, and expected to get a value
> in the range 30000 (as specified in the idmap config HPTLS statement).
You should.
> Again, I probably don't understand the different backends (tdb vs rid)
> functions enough.
The default domain '*' uses tdb and is an allocating db, the 'rid' 
backend for your HPTLS domain uses the AD objects RID to calculate the 
Unix ID.
>   The new group was given a id of 10032, so it seems
> as if the * statement still is the used range. Is this expected
> behaviour?
No, it isn't, if the group exists in AD and the AD domain name is 
'HPTLS' , from what you have posted, I would expect the Unix ID to start 
with a '3'. Have you run 'net cache flush' ?
>   In the meantime, I will try to read up on the backend's and
> get a better understanding.

tdb is only used for the '*' domain, ID's start from the lower number 
you set in smb.conf

rid is used for the DOMAIN domain (HPTLS in your case), ID's are 
calculated by adding the objects rid to the lower number you set in 
smb.conf. For instance Domain Users ID will be 30000 + 513 = 30513


More information about the samba mailing list