On Tue, 2013-07-23 at 11:55 +0100, Rowland Penny wrote: [SNIP]
> > I thought that testparm did exactly that, it tested all the parameters > in smb.conf, so if the ranges overlap, it should report the error. > You thought wrong then. It tests to see if they are valid so 1000-akjf is invalid and will throw an error, 1000-2000 is valid and will not throw an error even if it overlaps with some other range. > > Darned right it is confusing. > It was confusing because the documentation at the time was not complete. That is no longer the case. > > Yet people still get it wrong. > There is no accounting for what some people do. I have just checked and a Google search for "winbind ad rfc2307 setup" give a top hit that explains the ranges must be orthogonal. > > Why are the BUILTIN uid's & gid's not set in stone? and noted > somewhere and users told 'do not use this range' > Because your set in stone range might already be allocated in the AD. Not all Samba servers are green field deployments. Some/many have to integrate into already existing environments and hence admins need the flexibility to adapt to the environment they find themselves in. > > Also winbind can handle multiple domains so it needs to know > which > domain to use to lookup a given UID or GID in. > > > sssd can do this very easily, so your point is? > That is the one thing that sssd cannot do. At least according to the documents I have read multiple domains with cross domain trusts equals use winbind. Either way there is no way for either sssd or winbind to known which of the potential multiple domains it should look that up in. You could I guess take a sledgehammer approach and look it up in all the domains, but I can think of lots of reasons why that would not be a good idea. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba