Dear Samba experts,
Initially we set up winbind to the following:
idmap uid = 10000-20000
thinking that 10000 uids were sufficient
for the number of users we would get.
We also have defined our UNIX users
from 20001 onwards.
However, now I can see that our latest
windows(idmap uid) users has uid 19123
and this troubles me.
Since I cannot just "extend" the range to
be say 10000-30000 because of our UNIX
UIDs, I would like to ask if it is possible to
define 2 ranges like:
idmap uid = 10000-20000,30000-40000
I noticed that winbind will not automatically
remove UIDs not used. For instance when
a windows user is deleted. Is there a way
to do this manually ?
And will winbind then use the "unused" UIDs ?
Kind regards, Hans.
**********************************************************************
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which they
are addressed. If you have received this e-mail in error please notify
the system manager at helpdesk@maerskoil.com.
This e-mail and its contents do not constitute and shall not be
considered as a financial commitment of Maersk Olie og Gas AS
and its affiliates.
Maersk Olie og Gas AS expressly disclaims any responsibility
as to the accuracy and use of this e-mail and its contents.
**********************************************************************
Gerald (Jerry) Carter
2006-Feb-21 15:28 UTC
[Samba] help, we are running out of idmap uids
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hans B. Randgaard wrote:> Initially we set up winbind to the following: > idmap uid = 10000-20000 > thinking that 10000 uids were sufficient > for the number of users we would get. > > We also have defined our UNIX users > from 20001 onwards. > > However, now I can see that our latest > windows(idmap uid) users has uid 19123 > and this troubles me. > > Since I cannot just "extend" the range to > be say 10000-30000 because of our UNIX > UIDs, I would like to ask if it is possible to > define 2 ranges like: > idmap uid = 10000-20000,30000-40000 > I noticed that winbind will not automatically > remove UIDs not used. For instance when > a windows user is deleted. Is there a way > to do this manually ? > > And will winbind then use the "unused" UIDs ?Winbindd maintains a static mapping os DIS to Unix ids. Since SIDs are never reused, neither are the Unix ids. Ids are allocated in a monotonically increasing fashion so you're only current choice is to expand or move the idmap ranges. This has come up a lot ni the past, but all the proposed solutions were suboptimal IMO and therefore never integrated into source tree. I'm more than happy to try to find time to review patches, but I've got several ongoing projects right now and can't do this myself. Mostly, it would involve fixing the idmap range parser. Multiple ranges is not that hard to do I think. You deal with aa range in isolation until it has been exhausted and then move on to the next. cheers, jerry ====================================================================I live in a Reply-to-All world ----------------------- Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+zFvIR7qMdg1EfYRAsOeAJ4hGxDodU2tgwpQfxoMekRlZq2mqACfQN5E TyCbsVS1Wty65Cxd1TfGnz4=qaCP -----END PGP SIGNATURE-----