Web lists-archives.com

Re: [Samba] Linux multiple member server




On Sun, 23 Sep 2018 15:31:06 -0500
Robert Wooden via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Good to hear I was correct about all members having same ranges.
> 
> Now, I have had this idmap sequence order for years in my smb.conf
> files and have copy pasted always moving forward.
> 
> Sorry if I am misunderstanding you but, your saying invert them,
> listing the SAMDOM first followed by the "*"?
> 
> like this example?
> 
> idmap config SAMDOM : backend = rid
> idmap config SAMDOM : range = 10000-40000
> idmap config * : backend = tdb
> idmap config * : range = 50001-80000
> 

Er, no, you are stuck with the above on an existing Unix
domain member, but on new Unix domain members I would use this:

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-80000

The '*' domain is for the 'Well Know SIDs' and anything outside of the
'SAMDOM' domain and there are less than 200 'Well Known SIDs', so 4999
ID's should be more than enough.
When it comes to the 'SAMDOM' domain, if you do reach the user ID
'80001', this wouldn't be a problem with my suggested lines, just
change the '80000' to '90000'. If the '*' domain is above the 'SAMDOM'
domain, then you are limited to the difference between the high number
for the 'SAMDOM' range and the low number for the '*' range. In your
case '40000' and '50001', for most people this might not be a problem,
but for some, it would be a big problem.

Rowland
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba