Sorry, this probably belongs on samba, not -technical, at least for now.
On Wed, Apr 8, 2020 at 1:55 PM Nathaniel W. Turner <nate at houseofnate.net> wrote:
> I have a configuration that is working correctly with samba 4.8 (in CentOS
> 7.6). When I apply the same basic configuration to a system running samba
> 4.9 (CentOS 7.7), I see a very strange behavior: The ID mapping for trusted
> domains does not work right.
>
> Both systems are joined to the domain tc84.local (TC84), which has a
> forest trust with TC83, and they have identical smb.conf files. Here's the
> idmap related bit:
>
> # testparm 2>/dev/null </dev/null | grep idmap
> idmap config * : range = 1000000-19999999
> idmap config * : backend = autorid
>
> Here's the samba 4.8 system:
>
> [root at kvm7246-vm005 ~]# wbinfo -i TC84\\administrator
> TC84\administrator:*:1100500:1100513::/home/administrator at TC84:/bin/bash
> [root at kvm7246-vm005 ~]# wbinfo -i TC83\\administrator
> TC83\administrator:*:1200500:1200513::/home/administrator at TC83:/bin/bash
>
> And here's the same config on a samba 4.9 system:
>
> [root at kvm7246-vm008 ~]# wbinfo -i TC84\\administrator
> TC84\administrator:*:2000500:2000513::/home/administrator at TC84:/bin/bash
> [root at kvm7246-vm008 ~]# wbinfo -i TC83\\administrator
> TC83\administrator:*:10000:10000::/home/administrator at TC83:/bin/bash
>
> The UID 10000 is not within the idmap configured range!
>
> I looked at the idmap_autorid(8) manpage, and very very quickly scanned the
> source diffs between these versions, but nothing jumps out at me. Is this a
> known issue, or is there some new idmap configuration setting that's now
> needed?
>
> n
>
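
A check for the symptom reported above, as an added example that is not part of the original message or of Samba: it parses the `testparm` range line and the `wbinfo -i` lines quoted in the post, flags IDs outside the configured range, and splits in-range IDs into autorid range number and offset. It assumes the idmap_autorid default rangesize of 100000, which the post does not show; the function names are hypothetical.

```python
import re

RANGESIZE = 100000  # assumption: idmap_autorid default "rangesize" (not shown in the post)

# Output lines copied from the post (samba 4.8 host, then samba 4.9 host).
TESTPARM = "idmap config * : range = 1000000-19999999\nidmap config * : backend = autorid\n"
WBINFO = {
    "4.8": [r"TC84\administrator:*:1100500:1100513::/home/administrator at TC84:/bin/bash",
            r"TC83\administrator:*:1200500:1200513::/home/administrator at TC83:/bin/bash"],
    "4.9": [r"TC84\administrator:*:2000500:2000513::/home/administrator at TC84:/bin/bash",
            r"TC83\administrator:*:10000:10000::/home/administrator at TC83:/bin/bash"],
}

def parse_idmap_range(testparm_text, domain="*"):
    """Return (low, high) from an 'idmap config DOMAIN : range = LOW-HIGH' line."""
    pat = r"idmap config\s+%s\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)" % re.escape(domain)
    m = re.search(pat, testparm_text)
    if not m:
        raise ValueError("no idmap range configured for domain %r" % domain)
    return int(m.group(1)), int(m.group(2))

def check_entry(passwd_line, low, high, rangesize=RANGESIZE):
    """Check one passwd-style line as printed by 'wbinfo -i'."""
    fields = passwd_line.strip().split(":")
    name, uid, gid = fields[0], int(fields[2]), int(fields[3])
    result = {"name": name, "uid": uid, "gid": gid,
              "in_range": low <= uid <= high and low <= gid <= high}
    if result["in_range"]:
        # autorid layout: id = low + range_number * rangesize + offset,
        # where offset is the RID for RIDs below rangesize.
        result["range_number"], result["offset"] = divmod(uid - low, rangesize)
    return result

def out_of_range(lines, low, high):
    """Names whose UID or GID falls outside the configured idmap range."""
    results = (check_entry(line, low, high) for line in lines)
    return [r["name"] for r in results if not r["in_range"]]

if __name__ == "__main__":
    low, high = parse_idmap_range(TESTPARM)
    for host, lines in WBINFO.items():
        for line in lines:
            print(host, check_entry(line, low, high))
        print(host, "outside range:", out_of_range(lines, low, high))
```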