Web lists-archives.com

Re: [Samba] [samba] idmap question




On Thu, 10 Aug 2017 11:44:26 +0200
mathias dufresne via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi all,
> 
> What is the real purpose if the following lines when using idmap-rid
> or idmap-ad:
> 
> # Default idmap config for local BUILTIN accounts and groups
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> 
> When using the next two lines
> 
> # idmap config for the SAMDOM domain
> idmap config SAMDOM : backend = rid [or ad]
> idmap config SAMDOM : range = 10000-999999
> 
> 
> AD users will be in range 10000-999999, /etc/passwd would be in range
> 0-2999, what kind of users would be added in range 3000-7999?

the '*' range is for the 'BUILTIN' users and groups (more info here:
https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems

It is also used for trusted domains that do not have an idmap config
range set in smb.conf.

You can set the ID for a '*' user or group by giving it a uidNumber or
gidNumber, this moves it to the 'DOMAIN' range, the most usual one to
move is 'Domain Users'

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba