Rowland penny rpenny at samba.org
Fri Jun 18 12:24:49 UTC 2021

On 18/06/2021 13:08, Andrew Walker via samba wrote:
>>       idmap config * : range = 3000-7999
>>       idmap config CUSTOMER : backend = rid
>>       idmap config CUSTOMER : range = 10000-999999
> Won't the idmap setting changes change IDs assigned for AD users? This
> change can potentially require re-doing permissions on-disk once you've
> made it. You might also want to keep a backup of your winbindd_idmap.tdb
> file. I'm not saying it's a bad idea, but it's something you will need to
> evaluate and keep in mind while making the changes (and do them in a
> maintenance window :))

Unfortunately, yes it will, but it is an artefact of not correctly 
setting the 'idmap config' lines in the first place. The OP could find 
out what ID's the users and groups are using now and then use the 'ad' 
backend and populate the rfc2307 attributes with the ID's

I do wish people would read our documentation before setting up a Unix 
domain member, it is easier to 'fix' something before it goes into 


More information about the samba mailing list