On Tue, 2013-07-23 at 11:06 +0100, Rowland Penny wrote: [SNIP]
> > OK, I see where you are coming from, but until testparm starts saying > 'this will not work because' people will keep on having problems with > winbind, also why do you need to set up the ranges anyway. testparm does not guarantee a working configuration, it guarantee's that you don't have any invalid configuration lines from a syntactic point of view. I fully appreciate that it can seem confusing. I know three years ago when I first set it up I ended up reading large chunks of this mailing lists archive to find a single posts that told me what I was doing wrong. At the time the idmap_ad manual page did not hold the necessary information. However today in mid 2013, the manual page is accurate and there are a *lot* more posts in the mailing list on how to set it up. > The user and group ranges are already set by the admin in uidNumber & > gidNumber, so again why do they need setting in smb.conf, IMHO the > setting should be 'idmap config:backend = ad' and that should make > winbind pull all the rfc2307 items for a user or group The issues is that winbind needs somewhere to allocate UID's and GID's for the BUILTIN backend. As such it does not know in advance what a suitable block for this is. Only you the administrator can say this range here is not allocated in the AD. Also winbind can handle multiple domains so it needs to know which domain to use to lookup a given UID or GID in. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
