Rowland Penny
2017-Sep-13 15:32 UTC
[Samba] Slow, Incorrect Group Resolution through Winbind
On Wed, 13 Sep 2017 11:18:59 -0400 Sonic via samba <samba at lists.samba.org> wrote:> On Wed, Sep 13, 2017 at 10:48 AM, Rich Otero via samba > <samba at lists.samba.org> wrote: >> > idmap config * : range = 16777216-33554431 > > idmap config * : backend = tdb > > Should be more like: > idmap config STUDENTS : range = 16777216-33554431 > idmap config STUDENTS : backend = tdb > > ...plus something like: > idmap config * : range = 10000-20000 > idmap config * : backend = tdb > ... using a different range than configured for STUDENTS. > > Again "man smb.conf" is your friend.Obviously not, from the above ;-) I would expect something like: idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config STUDENTS : backend = rid idmap config STUDENTS : range = 16777216-33554431 Rowland
On Wed, Sep 13, 2017 at 11:32 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:> On Wed, 13 Sep 2017 11:18:59 -0400 > Sonic via samba <samba at lists.samba.org> wrote: > >> Should be more like: >> idmap config STUDENTS : range = 16777216-33554431 >> idmap config STUDENTS : backend = tdb >> >> ...plus something like: >> idmap config * : range = 10000-20000 >> idmap config * : backend = tdb >> ... using a different range than configured for STUDENTS. >> >> Again "man smb.conf" is your friend. > > Obviously not, from the above ;-) > > I would expect something like: > > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > idmap config STUDENTS : backend = rid > idmap config STUDENTS : range = 16777216-33554431 >Are you stating that only one assignment of tdb can be defined? I use the rid backend for the domains that are hosted on another server but wasn't sure whether or not multiple tdb backend assignments were allowed. Although I've never tried it, the man page does not appear to state that tdb cannot be used for multiple backends. But I'm reading the man page for 4.7.0rc5 which may be different. Chris
Rowland Penny
2017-Sep-13 16:22 UTC
[Samba] Slow, Incorrect Group Resolution through Winbind
On Wed, 13 Sep 2017 11:58:27 -0400 Sonic <sonicsmith at gmail.com> wrote:> On Wed, Sep 13, 2017 at 11:32 AM, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > On Wed, 13 Sep 2017 11:18:59 -0400 > > Sonic via samba <samba at lists.samba.org> wrote: > > > >> Should be more like: > >> idmap config STUDENTS : range = 16777216-33554431 > >> idmap config STUDENTS : backend = tdb > >> > >> ...plus something like: > >> idmap config * : range = 10000-20000 > >> idmap config * : backend = tdb > >> ... using a different range than configured for STUDENTS. > >> > >> Again "man smb.conf" is your friend. > > > > Obviously not, from the above ;-) > > > > I would expect something like: > > > > idmap config * : backend = tdb > > idmap config * : range = 3000-7999 > > idmap config STUDENTS : backend = rid > > idmap config STUDENTS : range = 16777216-33554431 > > > > Are you stating that only one assignment of tdb can be defined? I use > the rid backend for the domains that are hosted on another server but > wasn't sure whether or not multiple tdb backend assignments were > allowed. Although I've never tried it, the man page does not appear to > state that tdb cannot be used for multiple backends. But I'm reading > the man page for 4.7.0rc5 which may be different. > > ChrisFor the '*' domain you should only the tdb backend (note, you cannot use the rid backend). For the 'DOMAIN' domain you can use several different backends (rid, ad etc) but I wouldn't use the tdb backend, how are you going to be sure you will get the same IDs on all Unix machines ? If you use the 'rid' backend and the same range on all Unix machines, you will get the same IDs without having to add anything to AD. Rowland