[Samba] Problem idmap_ad

edv at balke-hamburg.de edv at balke-hamburg.de
Wed Dec 14 09:14:06 UTC 2022

Sorry for the spam. My mailserver got an error message after trying to send via IPV6 four times and then switched back to IPV4. But back to the topic:

The change to rid is our temporary workaround, nevertheless the version with idmap config DOMAIN:backend = ad gives the problems that I mentioned in my first post, several users can use the shares and others can't without any clue why. They have random (old) unix IDs and other users with a uidNumber between them cannot use the share, loads of logs with loglevel 10 did not give any hint.

So this is the version that does not give all users access to the shares:

        idmap config * : backend = tdb
        idmap config * : range = 117000-117999
        idmap config DOMAIN:backend = ad
        idmap config DOMAIN:schema_mode = rfc2307
        idmap config DOMAIN:range = 1001-116999
        idmap config DOMAIN:unix_nss_info = no
        idmap config DOMAIN:unix_primary_group = yes

        template shell = /bin/bash
        template homedir = /home/%U

        kerberos method = secrets and keytab

        winbind nss info = template
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes

Best Regards 
Matthias Mueller

> You do not appear to be using the 'ad' idmap backend, you have commented 
>it out.

> Also, did your finger get stuck, you asked the same question 5 times.

> Rowland

More information about the samba mailing list