Re: [Samba] GID range full!!
- Date: Mon, 4 Dec 2017 12:56:37 +0100
- From: "Stefan G. Weichinger via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] GID range full!!
Am 2017-12-04 um 12:42 schrieb Rowland Penny:
> II take it that 'arbeitsgruppe' is the workgroup name, it should be
> 'ARBEITSGRUPPE' in the 'idmap config' lines.
The output of testparm shows them lowercase, smb.conf has it in uppercase:
security = ADS
workgroup = ARBEITSGRUPPE
realm = arbeitsgruppe.hidden.tld
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config ARBEITSGRUPPE:backend = ad
idmap config ARBEITSGRUPPE:range = 10000-9999999
idmap config ARBEITSGRUPPE:schema_mode = rfc2307
username map = /etc/samba/user.map
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind nss info = rfc2307
load printers = No
printcap name = /dev/null
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
> The '*' range is used to store the Well Known SIDs and anything outside
> the 'arbeitsgruppe' domain, 7999 IDs is more than enough for this, in
> fact 999 IDs should have been enough, there are less than 200 Well
> Known SIDs.
> Your 'arbeitsgruppe' domain members should fit into 9989999 IDs
> I suspect that either your domain computers are not in fact domain
> computers, or something is badly mis-configured.
Well, I come back here to ask how to do things and configure DC and DM
for over a year now. We discussed the config in various threads and I
always follow your suggestions and the docs as good as I can and understand.
Same this time. *I* don't know what is wrong or might be wrong.
You suggest the domain computers might not be what they should be:
domain computers. You mean, the windows PCs might be not joined correctly?
To unsubscribe from this list go to the following URL and read the