[Samba] Move default idmap range on ctdb cluster

Rowland Penny rpenny at samba.org
Tue May 23 10:25:28 UTC 2023



On 23/05/2023 10:55, Stolte, Felix via samba wrote:
> Hi,
> 
> We have been running a CTDB cluster with Samba for several years with the following idmap ranges:
> 
> idmap config * : backend = tdb
> idmap config *:range = 208000-209999
> 
> idmap config fzj:schema_mode = rfc2307
> idmap config fzj:default = yes
> idmap config fzj:backend = ad
> idmap config fzj:range = 2000-200000
> 
> Recently we created the first user in Active Directory with a uid above 200000 and I need to increase the fzj:range accordingly. Unfortunately the *:range is in the way. To my understanding the *:range is for the local Builtin Users of the Samba Server like "Administrator", which we are not using at all. All permissions and ownerships refer to Users/Groups in our Active Directory.
> 
> Is it safe to change idmap config *:range from "208000-209999" to "1600-1999" and increase idmap config fzj:range from "2000-200000" to "2000-400000"? Any side effects I need to worry about (like rebuilding tdbs etc.) or CTDB-specific measures I have to take?
> 
> Best regards
> Felix

Do you have any files or directories owned by any of the Well Known SIDs 
or any users or groups from a Domain that isn't 'FZJ'?

If you haven't, then you should be okay.

I said years ago, putting the default domain range above the main 
'DOMAIN' range was a very bad idea.

Rowland
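
The two conditions discussed in this thread (no overlap between idmap ranges, and nothing on disk owned by an ID from the old default range) can be checked before the change. This is an added example, not part of the original messages or of Samba; the function names and the `FZJ_ONLY` sample are assumptions, and the scan looks only at owner and group IDs, not at ACL entries.

```python
import os
import re
import sys

# "idmap config DOMAIN : range = LOW-HIGH", with or without spaces around ':'
RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

# Ranges from the thread: the running config and the proposed change.
CURRENT = "idmap config *:range = 208000-209999\nidmap config fzj:range = 2000-200000\n"
PROPOSED = "idmap config *:range = 1600-1999\nidmap config fzj:range = 2000-400000\n"
# Constructed for contrast: fzj raised while the default range stays in place.
FZJ_ONLY = "idmap config *:range = 208000-209999\nidmap config fzj:range = 2000-400000\n"

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each idmap range line in smb.conf text."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def overlaps(ranges):
    """Return the pairs of domains whose ID ranges intersect."""
    names = sorted(ranges)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def owned_in_range(root, low, high):
    """Return (path, uid, gid) for entries under root owned by an ID in low..high."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    hits = []
    for path in paths:
        try:
            st = os.lstat(path)  # lstat: report the link itself, not its target
        except OSError:
            continue  # entry vanished or is unreadable; skip it
        if low <= st.st_uid <= high or low <= st.st_gid <= high:
            hits.append((path, st.st_uid, st.st_gid))
    return hits

if __name__ == "__main__":
    for label, conf in (("current", CURRENT), ("fzj only", FZJ_ONLY), ("proposed", PROPOSED)):
        print(label, "overlaps:", overlaps(parse_idmap_ranges(conf)))
    low, high = parse_idmap_ranges(CURRENT)["*"]
    for root in sys.argv[1:]:  # share paths to scan, passed on the command line
        for path, uid, gid in owned_in_range(root, low, high):
            print(f"{uid}:{gid} {path}")
```

Any path the scan prints is owned by an ID allocated from the old default range, which is the case Rowland asks about.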



