[Samba] AD Functional Level vs very old SaMBa member server

Rowland Penny rpenny at samba.org
Fri Mar 10 20:51:07 UTC 2023

On 10/03/2023 20:35, Tamás Németh via samba wrote:
> Will I really HAVE to use the idmap backends AD or RID? I was planning to
> use TDB2 with a script which I've already written:

Tdb2 is meant to replace tdb in clusters and is an allocating backend, 
so that will be a no.

> [root at fs3 samba]# ./idmap.sh IDTOSID UID 1301
> SID:S-1-5-21-1632654815-303659134-1628659390-1950
> [root at fs3 samba]# ./idmap.sh IDTOSID GID 198
> SID:S-1-5-21-1632654815-303659134-1628659390-3247
> [root at fs3 samba]# ./idmap.sh SIDTOID
> S-1-5-21-1632654815-303659134-1628659390-1950
> UID:1301
> [root at fs3 samba]# ./idmap.sh SIDTOID
> S-1-5-21-1632654815-303659134-1628659390-3247
> UID:198
> It periodically collects UIDs and GID's from the ancient SaMBa, and
> collects SIDs with wbinfo. I hope it will ensure UIDs ang GIDs to be equal
> to those in /etc/passwd and /etc/group on the old server. Is it feasible to
> use this script with TDB2 knowing that UIDs start at 1000 and GIDs start at
> 100? Can the range of TDB2 be set this low?

You could try the 'nss' backend, but you will be better off (in the long 
term) using the 'rid', 'ad' or 'autorid' beckend

You still haven't said what all those scripts do.


More information about the samba mailing list