Web lists-archives.com

Re: [Samba] [samba] idmap question

On Thu, 10 Aug 2017 11:44:26 +0200
mathias dufresne via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi all,
> What is the real purpose if the following lines when using idmap-rid
> or idmap-ad:
> # Default idmap config for local BUILTIN accounts and groups
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> When using the next two lines
> # idmap config for the SAMDOM domain
> idmap config SAMDOM : backend = rid [or ad]
> idmap config SAMDOM : range = 10000-999999
> AD users will be in range 10000-999999, /etc/passwd would be in range
> 0-2999, what kind of users would be added in range 3000-7999?

the '*' range is for the 'BUILTIN' users and groups (more info here:

It is also used for trusted domains that do not have an idmap config
range set in smb.conf.

You can set the ID for a '*' user or group by giving it a uidNumber or
gidNumber, this moves it to the 'DOMAIN' range, the most usual one to
move is 'Domain Users'


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba