Deprecated but still supported "idmap backend" actually is
broken
Dmitry Butskoy
buc at odusz.so-cdu.ru
Wed Oct 10 18:57:20 GMT 2007
On Wed, 2007-10-10 at 13:00 -0500, Gerald (Jerry) Carter wrote:
> "idmap backend = rid:FOO=1000-2000
>
> This is incorrect syntax since it implies the trusted domain
> patch which was never officially support.
You have confused me completely :)
It was correct for 3.0.24, now (3.0.26) the "idmap backend" is
deprecated at all. What the "trusted domain patch" do you say about?..
> If you just say "idmap backend = rid" it should be ok
But how can I specify the range (1000-100000)? IOW what to add to the
rid to make the uid (f.e. if rid is, say 513, then I want gid to be 1513
etc.)
Anyway, I know that "idmap backend" is deprecated and obsoleted now, but
ReleaseNotes mentions that it should still work as before (for
compatibility). But it does not. And since people do like SWAT to
configure Samba, and SWAT seems to not support "idmap config" yet, the
old scheme should be preserved and should work...
> IIRC the past research
> we did into this. If you want trusted domain supports for
> the rid backend, you need to use the new idmap domains syntax.
The problem is the idmap domain name at runtime are the string "default
domain" instead of the actual doman name, and winbindd cannot find such
a "domain" (until I change the doman name at AD to 'DEFAULT DOMAIN.COM'
8) )
~buc
More information about the samba-technical
mailing list