samba-users August 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] id mapping

Re: [Samba] id mapping

From: Robert Freeman-Day <presgas_at_nospam>
Date: Tue Aug 24 2010 - 17:29:01 GMT
To: Greg Dickie <>

Hash: SHA1


That may work for you as well, but I was actually referring to:
idmap backend = hash

That should be available in 3.5.4.


On 08/24/2010 11:10 AM, Greg Dickie wrote:
> Hi Robert,
> Thanks for the response. You are referring to
> idmap backend = rid
> correct?
> Greg
> On Tue, 2010-08-24 at 09:10 -0400, Robert Freeman-Day wrote:
> I have been the most happy with the hash idmap. It really is the least
> invasive and "just works" (does that need to be trademarked these
> days?). Since it hashes the SID with the same algorithm, all members
> get the same UID/GID mappings, which is a big win.
> Robert
> On 08/23/2010 05:21 PM, Greg Dickie wrote:
>>>> Hi,
>>>> Today I'm trying to debug a problem on samba 3.5.4 where a domain
>>>> member server is having trouble mapping UIDs to SIDs. I must admit I
>>>> never really looked at this before as everything seemed to "just work".
>>>> Today I discovered that idmap backend on the PDC and the member server
>>>> were both defaulted to tdb. This means they have independent views of
>>>> UID to SID mappings I guess. That sucks. So I'm looking at the ldap
>>>> backend but I notice that it uses a special ou in the LDAP tree to store
>>>> mappings. Why do we need that if the sambaSamAccount schema also has
>>>> SIDs and UIDs for each user. Also, how is that tree populated?
>>>> Looking at my PDC it seems to just pull everything out of gencache.tdb
>>>> or say that no mapping exists. Doing a tdbdump of winbind_idmap.tdb
>>>> shows only a few entries. This seems to be more complicated than I
>>>> expected. I'm sorry if this is a silly question but what am I doing
>>>> wrong?
>>>> Thanks a lot,
>>>> Greg

- --

Robert Freeman-Day
GPG Public Key:
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla -

-- To unsubscribe from this list go to the following URL and read the instructions: