On Sat, 18 Mar 2017 12:59:00 -0600
"Paul R. Ganci via samba" <samba at lists.samba.org> wrote:
> Recently there has been a lot of chatter of where and when to specify
> ID mapping ranges. In fact, the wiki is quite explicit now:
>
> /"ID mapping back ends are not supported in the smb.conf file on a
> Samba Active Directory (AD) domain controller (DC)."/
>
> I also saw a recommendation on this list to run testparm to check the
> smb.conf for problems after upgrading to Samba 4.6. Last night I
> upgraded my AD DC and ran testparm. I get this result:
>
>
> > testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384) Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[Profiles]"
> Processing section "[home]"
> Loaded services file OK.
> idmap range not specified for domain '*'
> ERROR: Invalid idmap range for domain *!
>
> Server role: ROLE_ACTIVE_DIRECTORY_DC
>
> <snipped dump of service definitions>
>
> Note the two lines indicating that the idmap range is not specifed
> for domain '*' and that is flagged as an error. Is this a bug in
> testparm program which should not be flagging the idmap range or is
> it only idmap ranges for the AD DC domain that should not be mapped.
> I did not add any idmap ranges at all in my AD DC smb.conf. It would
> seem to me that given the explicit wiki statement that the testparm
> check is buggy.
>
> For the record I am running Sernet Samba 4.6 on a CentOS 6.8 system.
>
Yes, it is a bug:
https://bugzilla.samba.org/show_bug.cgi?id=12629
Rowland