Web lists-archives.com

[Samba] idmap config with rid backend


    I traditionally use the 'ad' backend on member machines with rfc2307. I decided to give 'rid' a go on a server only performing authentication. Everything went well with join but I have a few questions. First my smb.conf on Ubuntu 16.04.4 LTS

        security = ADS
        workgroup = DOMAIN
        realm = DOMAIN.LOCAL

        log file = /var/log/samba/%m.log
        log level = 1

        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config DOMAIN : backend = rid
        idmap config DOMAIN : range 10000-999999

        winbind nss info = template
        template shell = /bin/bash
        template homedir = /home/%U

Output of 'getent group'

 getent group "DOMAIN\\Domain Users"
DOMAIN\domain users:x:10513:

Output of 'getent passwd'

getent passwd DOMAIN\\James
DOMAIN\James:*:14659:10513:James Test:/home/james:/bin/bash

My other member servers that utilize the 'ad' backend utilize the same DOMAIN range of 10000-999999 and I assign uid's and gid's via. RSAT.

 * Is it OK to run multiple member servers with different domain
   backends in a forest?
 * Is it OK to use the same range with different domain backends?



To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba