Web lists-archives.com

Re: [Samba] Winbind - NSS problem?




On Wed, 30 May 2018 18:59:50 +0200
Luciano Mannucci <luciano@xxxxxxxxxxxxxxxx> wrote:

> On Wed, 30 May 2018 16:27:20 +0100
> Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> wrote:
> 
> > > 	workgroup = MCS2003
> > > 	idmap uid = 3000-8004
> > > 	idmap gid = 800-1988  
> > 
> > The above two lines are deprecated
> > 
> > Add these lines instead:
> >         idmap config * : backend = tdb
> >         idmap config * : range = 10000-11000
> > 
> > > 	idmap config MCS2003 : backend = rid
> > > 	idmap config MCS2003 : range = 3000 - 8004  
> > 
> > Change the above line to:
> >         idmap config MCS2003 : range = 800-8004
> Will this change preserve my actual gid-uid mapping?
> If not I will have to reset manually the ownership of all the files of
> all the users, which might trigger a couple terabytes of backup
> otherwise totally useless...
> 
> BTW, thank you for your valuable hints.
> 
> Cheers,
> 
> Luciano.

It will probably/possibly change some numeric IDs, which is why I said
to test it first and have backups to fall back on. The main problem is
the different ranges for 'idmap uid' & 'idmap gid'. Hopefully most of
the changes will be in the 'well known SIDS'. If the numeric IDs are
way out, then you might have to export the users and groups to a file
and then use the file to add uidNumber & gidNumber attributes to AD.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba