The RIDs which I understand like the last digits of the SID are from
1000 to 300000 on the AD
Which range values should I set ?
Le 05/04/2024 ? 16:32, Rowland Penny via samba a ?crit?:> On Fri, 5 Apr 2024 16:11:55 +0200
> Arnaud Bougeard via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>> I followed your advice and therefore deactivated the sssd service and
>> therefore the ldap client.
>> The NFS and samba file services are still operational.
>> How to optimize idmap range values?
>>
>>
>
> If you are using uidNumber & gidNumber attributes in AD, then you need
> to find out what the lowest one is in AD and use this as the start of
> the DOMAIN range in your smb.conf, then find the highest one in AD, add
> a number to this to allow for growth and use that for the end number in
> the range, If your lowest number is 10000 and your highest number is
> 25000, you could use something like this:
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config DOMAIN : backend = ad
> idmap config DOMAIN : range = 10000-99999
>
> If you haven't got any uidNumber or gidNumber attributes in AD, then
> you could use the 'rid' backend. This calculates the Unix ID from
the
> user or group RID and the low DOMAIN range you set in the smb.conf
>
> This would use similar lines to above:
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config DOMAIN : backend = rid
> idmap config DOMAIN : range = 10000-99999
>
> Provided you use the same idmap config lines on all Unix domain
> members, you will always get the same IDs when using the 'rid'
backend.
>
> NOTE: 'DOMAIN' is a placeholder for your NetBIOS name (aka
workgroup).
>
> I suggest you read:
> man idmap_ad
> man idmap_rid
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Rowland
>