1. Forum
  2. Usenet
  3. LINUX.SAMBA

  • [Samba] Samba 4.6 ID Mapping clarification

    From Paul R. Ganci via samba@21:1/5 to All on Sat Mar 18 23:40:02 2017
    Recently there has been a lot of chatter of where and when to specify ID mapping ranges. In fact, the wiki is quite explicit now:

    /"ID mapping back ends are not supported in the smb.conf file on a
    Samba Active Directory (AD) domain controller (DC)."/

    I also saw a recommendation on this list to run testparm to check the
    smb.conf for problems after upgrading to Samba 4.6. Last night I
    upgraded my AD DC and ran testparm. I get this result:


    testparm
    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]"
    Processing section "[sysvol]"
    Processing section "[Profiles]"
    Processing section "[home]"
    Loaded services file OK.
    idmap range not specified for domain '*'
    ERROR: Invalid idmap range for domain *!

    Server role: ROLE_ACTIVE_DIRECTORY_DC

    <snipped dump of service definitions>

    Note the two lines indicating that the idmap range is not specifed for
    domain '*' and that is flagged as an error. Is this a bug in testparm
    program which should not be flagging the idmap range or is it only idmap
    ranges for the AD DC domain that should not be mapped. I did not add any
    idmap ranges at all in my AD DC smb.conf. It would seem to me that given
    the explicit wiki statement that the testparm check is buggy.

    For the record I am running Sernet Samba 4.6 on a CentOS 6.8 system.

    --
    Paul
    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rowland Penny via samba@21:1/5 to Paul R. Ganci via samba on Sun Mar 19 00:10:01 2017
    On Sat, 18 Mar 2017 12:59:00 -0600
    "Paul R. Ganci via samba" <samba@lists.samba.org> wrote:

    Recently there has been a lot of chatter of where and when to specify
    ID mapping ranges. In fact, the wiki is quite explicit now:

    /"ID mapping back ends are not supported in the smb.conf file on a
    Samba Active Directory (AD) domain controller (DC)."/

    I also saw a recommendation on this list to run testparm to check the smb.conf for problems after upgrading to Samba 4.6. Last night I
    upgraded my AD DC and ran testparm. I get this result:


    testparm
    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
    (16384) Processing section "[netlogon]"
    Processing section "[sysvol]"
    Processing section "[Profiles]"
    Processing section "[home]"
    Loaded services file OK.
    idmap range not specified for domain '*'
    ERROR: Invalid idmap range for domain *!

    Server role: ROLE_ACTIVE_DIRECTORY_DC

    <snipped dump of service definitions>

    Note the two lines indicating that the idmap range is not specifed
    for domain '*' and that is flagged as an error. Is this a bug in
    testparm program which should not be flagging the idmap range or is
    it only idmap ranges for the AD DC domain that should not be mapped.
    I did not add any idmap ranges at all in my AD DC smb.conf. It would
    seem to me that given the explicit wiki statement that the testparm
    check is buggy.

    For the record I am running Sernet Samba 4.6 on a CentOS 6.8 system.


    Yes, it is a bug:

    https://bugzilla.samba.org/show_bug.cgi?id=12629

    Rowland

    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)