[Samba] Change (fix) idmap config
Rowland Penny
rpenny at samba.org
Fri Oct 14 17:16:55 UTC 2022
On 14/10/2022 17:43, Lorenzo Milesi wrote:
>> Sorry, I keep forgetting this, you need to clear the cache with 'net
>> cache flush'
>
> Ok, I made the switch but one more thing. As soon as I restart smb+nmb+winbind the "domain users" group has this id:
> # getent group "domain users"
> domain users:x:10513:
That is what would be expected from this line in your smb.conf:
idmap config LIGHT:range = 10000-700000
As you are using the 'rid' idmap backend, the groups Unix ID is
calculated like this:
ID = RID + LOW_RANGE_ID
which becomes:
10513 = 513 + 10000
> after a few seconds, the ID is "restored" to the wrong one:
> # getent group "domain users"
> domain users:x:700009:
That shouldn't happen, can you post the contents of /etc/nsswitch.conf ?
Try stopping Samba, run 'net cache flush' and then restart Samba again.
Is anything else running ? sssd, nlscd or similar ?
The only other thing that I can think of is, is your AD domains NETBIOS
domain name something other than 'LIGHT' ?
Rowland
More information about the samba
mailing list