Re: [Samba] GID range full!!
- Date: Mon, 4 Dec 2017 12:22:59 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] GID range full!!
On Mon, 4 Dec 2017 12:56:37 +0100
"Stefan G. Weichinger" <lists@xxxxxxxx> wrote:
> Am 2017-12-04 um 12:42 schrieb Rowland Penny:
> > II take it that 'arbeitsgruppe' is the workgroup name, it should be
> > 'ARBEITSGRUPPE' in the 'idmap config' lines.
> The output of testparm shows them lowercase, smb.conf has it in
> security = ADS
> workgroup = ARBEITSGRUPPE
> realm = arbeitsgruppe.hidden.tld
> log file = /var/log/samba/%m.log
> log level = 1
> idmap config * : backend = tdb
> idmap config * : range = 2000-9999
> idmap config ARBEITSGRUPPE:backend = ad
> idmap config ARBEITSGRUPPE:range = 10000-9999999
> idmap config ARBEITSGRUPPE:schema_mode = rfc2307
> username map = /etc/samba/user.map
> winbind use default domain = Yes
> winbind refresh tickets = Yes
> winbind nss info = rfc2307
> load printers = No
> printcap name = /dev/null
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> > The '*' range is used to store the Well Known SIDs and anything
> > outside the 'arbeitsgruppe' domain, 7999 IDs is more than enough
> > for this, in fact 999 IDs should have been enough, there are less
> > than 200 Well Known SIDs.
> > Your 'arbeitsgruppe' domain members should fit into 9989999 IDs
> > I suspect that either your domain computers are not in fact domain
> > computers, or something is badly mis-configured.
> Well, I come back here to ask how to do things and configure DC and DM
> for over a year now. We discussed the config in various threads and I
> always follow your suggestions and the docs as good as I can and
> Same this time. *I* don't know what is wrong or might be wrong.
> You suggest the domain computers might not be what they should be:
> domain computers. You mean, the windows PCs might be not joined
There doesn't seem to anything really wrong with the smb.conf, unless
you are running a version of Samba from 4.6.0, see here for how to set
up idmap now:
You can also find a list of Well Known SIDs here:
It may be, for some reason, your windows clients are not joined, this
is unlikely, but worth checking.
To unsubscribe from this list go to the following URL and read the