[Samba] idmap range
Stefan G. Weichinger
lists at xunil.at
Wed Mar 23 10:23:50 UTC 2022
greetings, it's been a long time since I posted here.
So far everything went smooth regarding my samba domains.
today I wanted to edit a GPO and get errors in RSAT ("wrong parameter").
Checked sysvol ACLs, something is wrong.
"sysvolreset" takes a long time and always says:
idmap range not specified for domain '*'
-
hmm. Correct. My smb.conf on that DC (4.14.12):
# samba-tool testparm
INFO 2022-03-23 11:22:14,074 pid:3766171
/usr/lib/python3/dist-packages/samba/netcmd/testparm.py #96: Loaded smb
config files from /etc/samba/smb.conf
INFO 2022-03-23 11:22:14,074 pid:3766171
/usr/lib/python3/dist-packages/samba/netcmd/testparm.py #97: Loaded
services file OK.
Press enter to see a dump of your service definitions
# Global parameters
[global]
disable spoolss = Yes
dns forwarder = 192.168.16.111
log level = 1
netbios name = DC2
printcap name = /dev/null
realm = MYDOM.AT
server role = active directory domain controller
template shell = /bin/bash
time server = Yes
usershare path =
winbind offline logon = Yes
workgroup = BUERO
sdb:schema update allowed = no
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /var/lib/samba/sysvol/pilsbacher.at/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
--
What do I set idmap range to while NOT breaking the existing users/groups?
Will that help me to get correct ACL editing perms again?
thanks, regards, Stefan
More information about the samba
mailing list