
[Samba] Understanding idmap config


basti via samba

Feb 3, 2017, 11:10:02 AM
Hello,
in my Samba NT4 domain I have some low UIDs. Rowland Penny suggested setting them
higher. So far OK.

I configured my AD member as follows:

# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 1000-6999


# idmap config for the SAMDOM domain
idmap config foo:backend = ad
idmap config foo:schema_mode = rfc2307
idmap config foo:range = 7000-999999

After I flush the cache with "net cache flush" I can see the same UID on
my member as on my AD DC. So far OK, that is what I wanted.

The UID I see from LDAP is 1007.

What does the "idmap config *" entry mean?
Why can I see a user with UID 1007 from the domain when the domain range starts at 7000?

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Rowland Penny via samba

Feb 3, 2017, 11:30:04 AM
On Fri, 3 Feb 2017 17:06:07 +0100
basti via samba <sa...@lists.samba.org> wrote:

> Hello,
> in my samba NT4 i have some low uid. Rowland Penny suggest to set it
> higher. So far OK.
>
> I config my AD member as followed:
>
> # Default ID mapping configuration for local BUILTIN accounts
> # and groups on a domain member. The default (*) domain:
> # - must not overlap with any domain ID mapping configuration!
> # - must use an read-write-enabled back end, such as tdb.
> idmap config * : backend = tdb
> idmap config * : range = 1000-6999
>
>
> # idmap config for the SAMDOM domain
> idmap config foo:backend = ad
> idmap config foo:schema_mode = rfc2307
> idmap config foo:range = 7000-999999
>
> After I flush the cache with "net cache flash" i can see the same uid
> on my member as on my AD DC. so Far OK, that is what i would.
>
> The uid i see from LDAP is 1007.
>
> What does the config * mean?
> Why can I see a user with uid 1007 from domain when domain start at
> 7000?
>


The '*' domain is for what is known as the 'Well Known SIDs' and
anything not in the 'FOO' domain.
See here for the Well Known SIDs:

https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems

You don't really need to see them, they are (mostly) not needed on a
Unix machine.

Rowland
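A small configuration check, added here and not part of either post: it parses the idmap lines basti quoted, applies the two rules stated in his config comments (a default '*' domain must exist and no two ranges may overlap), and reports which configured range a given UID such as 1007 falls into. The smb.conf fragment is reconstructed from the thread; the parsing regex and the helper names are my own assumptions, not Samba's own code.

```python
import re

# Constructed smb.conf fragment: the idmap lines quoted in the thread.
SMB_CONF = """
idmap config * : backend = tdb
idmap config * : range = 1000-6999
# idmap config for the SAMDOM domain
idmap config foo:backend = ad
idmap config foo:schema_mode = rfc2307
idmap config foo:range = 7000-999999
"""
# 'idmap config <domain> : <option> = <value>'; spaces around ':' are optional.
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+([^:\s]+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf):
    """Return {domain: {option: value}} for every idmap config line."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line.split("#", 1)[0])  # strip comments first
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom, {})[opt.lower()] = val
    return domains

def parse_range(text):
    """'1000-6999' -> (1000, 6999); rejects inverted ranges."""
    lo, hi = (int(x) for x in text.split("-"))
    if lo > hi:
        raise ValueError(f"bad idmap range {text!r}")
    return lo, hi

def check_idmap(domains):
    """Rules from the config comments: a default '*' domain must exist,
    every domain needs a range, and no two ranges may overlap."""
    problems = [] if "*" in domains else ["no default (*) domain configured"]
    problems += [f"{d}: no range configured" for d, o in domains.items() if "range" not in o]
    ranges = {d: parse_range(o["range"]) for d, o in domains.items() if "range" in o}
    names = sorted(ranges)
    for i, a in enumerate(names):  # pairwise overlap test
        for b in names[i + 1:]:
            (alo, ahi), (blo, bhi) = ranges[a], ranges[b]
            if alo <= bhi and blo <= ahi:
                problems.append(f"ranges of {a} and {b} overlap")
    return problems

def range_owner(domains, uid):
    """Name of the idmap domain whose configured range contains uid, else None."""
    for dom, (lo, hi) in ((d, parse_range(o["range"])) for d, o in domains.items() if "range" in o):
        if lo <= uid <= hi:
            return dom
    return None
```

With the quoted config, UID 1007 lands in the '*' range (1000-6999), not in foo's, which is why it is worth checking the ranges before assuming a low UID came from the AD backend.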