Re: [Samba] Samba user mapping DC <-> DC Member
- Date: Thu, 2 Feb 2017 16:00:32 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba user mapping DC <-> DC Member
On Thu, 2 Feb 2017 16:39:08 +0100
basti via samba <samba@xxxxxxxxxxxxxxx> wrote:
> I have add
> idmap config * : backend = tdb
> idmap config * : range = 1-512
> and change
> idmap config kes:range = 512-999999
> Restart winbind and there is still the same problem.
Not really surprised, by using '1-512', you have ensured that the well
know SIDs will get the same IDs as the Unix system users and groups,
again not a good idea.
If you look in /etc/nsswitch.conf , you should see that the 'passwd' and
'group' lines should look like this:
passwd: files winbind
group: files winbind
NOTE: 'files' may be 'compat', but they both mean the same thing, which
is that when a user connects, it is first checked to see if it exists
in /etc/passwd and if not found, winbind is asked.
In the past, it wasn't thought to be wrong to use such low ID numbers,
but now it is has been shown to be a bad idea.
Please read and try to understand the wiki.
To unsubscribe from this list go to the following URL and read the