From: Samba Guy on
Hi samba folks,

We have upgraded samba 3.2 to samba 3.4 and it has broken our idmap RID
backend config.

The below idmap configuration was being used for samba 3.2 with two domains:



idmap domains = QA2K3192, QA2K3SUB19
idmap config QA2K3SUB192:range = 2000000 - 2999999
idmap config QA2K3SUB192:base_rid = 0
idmap config QA2K3SUB192:backend = rid
idmap config QA2K3192:range = 1000000 - 1999999
idmap config QA2K3192:base_rid = 0
idmap config QA2K3192:backend = rid



And had the following results:



Linux:~ # wbinfo --group-info='qa2k3192\domain users'
QA2K3192\domain users:x:1000513

Linux:~ # wbinfo --group-info='qa2k3sub192\domain users'
QA2K3SUB192\domain users:x:2000513

Which is correct and reports the correct information consistently for this
configuration.



------------------------------------------------------------------------------------------------
We do not obtain the same idmap results with the same idmap backend (RID)
with samba 3.4:

idmap backend = tdb
idmap uid = 90000000 - 99999999
idmap gid = 90000000 - 99999999
idmap config QA2K3SUB192:range = 2000000 - 2999999
idmap config QA2K3SUB192:backend = rid
idmap config QA2K3SUB192:default = yes
idmap config QA2K3192:range = 1000000 - 1999999
idmap config QA2K3192:backend = rid
idmap config QA2K3192:default = yes



Linux:~ # service smb restart
Shutting down Samba SMB daemon done
Starting Samba SMB daemon done

Linux:~ # service nmb restart
Shutting down Samba NMB daemon done
Starting Samba NMB daemon done

Linux:~ # service winbind restart
Shutting down Samba WINBIND daemon done
Starting Samba WINBIND daemon done

Linux:~ # net cache flush



Linux:~ # wbinfo --group-info='qa2k3192\domain users'
QA2K3192\domain users:x:90000000

Linux:~ # wbinfo --group-info='qa2k3sub192\domain users'
QA2K3SUB192\domain users:x:90000001

Those groups should not be in that range!

We do not want to use the idmap uid = or idmap gid = setting as it dumps
some domain ids in the wrong range, yet we seem forced to add those to the
config in samba 3.4 - I understand idmap hash is superior but for our setup
we can't migrate to this new paradigm due to the amount of data currently
written to fileserver with idmap RID based ACLs.



Can anyone provide the following:

Documentation of how to configure idmap backend = rid with two domains using
samba 3.4
Configuration Example:

One win2k3 domain with the range of 1000000-1999999 and the other child
domain with a range of 2000000-2999999

The expectation we have is that it should behave the same as samba 3.2. We
only want domain users mapped to their appropriate/specified idmap
"buckets" as it was before in 3.2 with our config.



Thanks,
A Samba Guy
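
Added example (not part of the original post and not Samba project code): a post-upgrade check that reads the per-domain "idmap config DOMAIN:range" lines and flags any wbinfo --group-info result whose gid falls outside its domain's range, which is the condition that would silently detach existing RID-based ACLs. The function names and the base_rid arithmetic (id = rid - base_rid + low) are assumptions of this example; the sample inputs are constructed from the values quoted in the post.

```python
import re

# Constructed inputs: the idmap ranges and wbinfo lines quoted in the post.
SMB_CONF = """\
idmap config QA2K3SUB192:range = 2000000 - 2999999
idmap config QA2K3SUB192:backend = rid
idmap config QA2K3192:range = 1000000 - 1999999
idmap config QA2K3192:backend = rid
"""
WBINFO_32 = "QA2K3192\\domain users:x:1000513\nQA2K3SUB192\\domain users:x:2000513\n"
WBINFO_34 = "QA2K3192\\domain users:x:90000000\nQA2K3SUB192\\domain users:x:90000001\n"

RANGE_RE = re.compile(
    r"^[ \t]*idmap config[ \t]+(\S+?)[ \t]*:[ \t]*range[ \t]*=[ \t]*(\d+)[ \t]*-[ \t]*(\d+)[ \t]*$",
    re.IGNORECASE | re.MULTILINE)

def parse_ranges(conf):
    """Map DOMAIN -> (low, high) from 'idmap config DOMAIN:range' lines."""
    return {m.group(1).upper(): (int(m.group(2)), int(m.group(3)))
            for m in RANGE_RE.finditer(conf)}

def check_mappings(conf, wbinfo_output, base_rid=0):
    """Return (name, gid, in_range, implied_rid) per wbinfo --group-info line.

    implied_rid assumes the rid backend's arithmetic (id = rid - base_rid + low)
    and is None when the gid is outside the domain's configured range.
    """
    ranges = parse_ranges(conf)
    results = []
    for line in wbinfo_output.splitlines():
        fields = line.strip().split(":")  # name:passwd:gid[:members]
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # not a group-info line
        name, gid = fields[0], int(fields[2])
        low, high = ranges.get(name.split("\\", 1)[0].upper(), (None, None))
        in_range = low is not None and low <= gid <= high
        rid = gid - low + base_rid if in_range else None
        results.append((name, gid, in_range, rid))
    return results

if __name__ == "__main__":
    for label, out in (("3.2", WBINFO_32), ("3.4", WBINFO_34)):
        for name, gid, ok, rid in check_mappings(SMB_CONF, out):
            print(label, name, gid, "OK rid=%d" % rid if ok else "OUTSIDE CONFIGURED RANGE")
```

Running it against live output (wbinfo --group-info piped in for each group that owns data) before users touch the share shows whether the upgraded winbind still produces the ids the on-disk ACLs were written with.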