[Samba] Change (fix) idmap config

Rowland Penny rpenny at samba.org
Fri Oct 14 17:16:55 UTC 2022

On 14/10/2022 17:43, Lorenzo Milesi wrote:
>> Sorry, I keep forgetting this, you need to clear the cache with 'net
>> cache flush'
> Ok, I made the switch but one more thing. As soon as I restart smb+nmb+winbind the "domain users" group has this id:
> # getent group "domain users"
> domain users:x:10513:

That is what would be expected from this line in your smb.conf:

idmap config LIGHT:range  = 10000-700000

As you are using the 'rid' idmap backend, the group's Unix ID is
calculated like this:


which becomes:

10513 = 513 + 10000

> after a few seconds, the ID is "restored" to the wrong one:
> # getent group "domain users"
> domain users:x:700009:

That shouldn't happen, can you post the contents of /etc/nsswitch.conf ?

Try stopping Samba, run 'net cache flush' and then restart Samba again.

Is anything else running? sssd, nslcd or similar?

The only other thing that I can think of is, is your AD domain's NETBIOS
domain name something other than 'LIGHT'?
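
An added example, not part of the original message or of Samba's code: it applies the mapping documented for the idmap_rid backend (ID = RID - BASE_RID + LOW_RANGE_ID) and reports which configured idmap range contains a given Unix ID, which is a quick way to see whether an ID such as 700009 could have come from the LIGHT range at all. The `*` default domain and its range in the sample configuration are assumptions made for illustration; only the LIGHT range comes from the thread.

```python
import re

# Constructed smb.conf fragment. The LIGHT range is the one quoted in the
# message; the '*' default domain and its range are assumed for illustration.
SMB_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 700001-800000
    idmap config LIGHT:backend = rid
    idmap config LIGHT:range  = 10000-700000
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.+?)\s*$", re.I)


def parse_idmap(conf):
    """Return {domain: {option: value}} with 'range' parsed to (low, high)."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, opt, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
        if opt == "range":
            low, high = (int(x) for x in val.split("-"))
            val = (low, high)
        domains.setdefault(dom, {})[opt] = val
    return domains


def rid_to_unix_id(rid, dom_cfg):
    """idmap_rid mapping: ID = RID - BASE_RID + LOW_RANGE_ID, None if out of range."""
    low, high = dom_cfg["range"]
    unix_id = rid - int(dom_cfg.get("base_rid", 0)) + low
    return unix_id if low <= unix_id <= high else None


def owning_domain(unix_id, domains):
    """Name of the idmap domain whose range contains unix_id, or None."""
    for dom, cfg in domains.items():
        low, high = cfg.get("range", (1, 0))
        if low <= unix_id <= high:
            return dom
    return None


if __name__ == "__main__":
    cfg = parse_idmap(SMB_CONF)
    print(rid_to_unix_id(513, cfg["LIGHT"]))   # Domain Users has RID 513
    for gid in (10513, 700009):                # the two IDs seen in the thread
        print(gid, "->", owning_domain(gid, cfg))
```

Pointing `parse_idmap` at the real output of `testparm -s` instead of the constructed fragment shows the ranges actually in effect on the server.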

