On 23 July 2013 11:40, Jonathan Buzzard <jonat...@buzzard.me.uk> wrote:
> On Tue, 2013-07-23 at 11:06 +0100, Rowland Penny wrote: > > [SNIP] > > > > > OK, I see where you are coming from, but until testparm starts saying > > 'this will not work because' people will keep on having problems with > > winbind, also why do you need to set up the ranges anyway. > > testparm does not guarantee a working configuration, it guarantee's that > you don't have any invalid configuration lines from a syntactic point of > view. > > I thought that testparm did exactly that, it tested all the parameters in smb.conf, so if the ranges overlap, it should report the error. > I fully appreciate that it can seem confusing. I know three years ago > when I first set it up I ended up reading large chunks of this mailing > lists archive to find a single posts that told me what I was doing > wrong. At the time the idmap_ad manual page did not hold the necessary > information. > > Darned right it is confusing. > However today in mid 2013, the manual page is accurate and there are a > *lot* more posts in the mailing list on how to set it up. > > Yet people still get it wrong. > > The user and group ranges are already set by the admin in uidNumber & > > gidNumber, so again why do they need setting in smb.conf, IMHO the > > setting should be 'idmap config:backend = ad' and that should make > > winbind pull all the rfc2307 items for a user or group > > The issues is that winbind needs somewhere to allocate UID's and GID's > for the BUILTIN backend. As such it does not know in advance what a > suitable block for this is. Only you the administrator can say this > range here is not allocated in the AD. > > Why are the BUILTIN uid's & gid's not set in stone? and noted somewhere and users told 'do not use this range' > Also winbind can handle multiple domains so it needs to know which > domain to use to lookup a given UID or GID in. > > > sssd can do this very easily, so your point is? Rowland > JAB. > > -- > Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk > Fife, United Kingdom. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba