Overview of ID Mapping in the Samba Configuration File

You configure the mapping in the [global] section of the Samba configuration file /etc/samba/smb.conf.

Consider the following example extract from an /etc/samba/smb.conf file:


#========== Global Settings =======
[global]
security = ADS
.
.
.
#..........................................
#   Using tdb backend for default* domain. 
#   UID/GID range 1000000-2000000
#..........................................
idmap config * : backend = tdb
idmap config * : range = 1000000-2000000


#..........................................
#   Using rid backend to map EXAMPLE.COM users
#   UID/GID range 10000-49999
#..........................................
idmap config EXAMPLE.COM : backend  = rid
idmap config EXAMPLE.COM: range = 10000-49999



#..........................................
#   Using rid backend to map EXAMPLE.NET users
#   UID/GID range 50000-99999
#..........................................
idmap config EXAMPLE.NET : backend  = rid
idmap config EXAMPLE.NET : range = 50000 -99999

The preceding example extract shows the following configurations:

The Samba server is a member of the EXAMPLE.COM AD domain and uses the rid backend to map SIDs belonging to that domain. The backend is authoritative for those SIDs that the rid method translates to UIDs and GIDs within the range specified in the file (10000-49999).
The Samba server also provides share access to a trusted AD domain EXAMPLE.NET. The trusted domain is also configured to use the rid backend. The range for EXAMPLE.NET is 50000-99999.
The default * domain uses backend tdb. The tdb range is specified as 1000000-2000000

WARNING:

ID ranges must not overlap.
Only one range can be assigned to a domain.
After a range has been set and Samba has started using the range, you can only increase the upper number of the range. Any other change to the range can result in new ID assignments, and thus a loss of file ownership data.

The following sections give a further overview on using the different backends to configure ID Mapping for domains.

For more information, see /etc/samba/smb.conf.example and the smb.conf(5) manual pages. See also https://wiki.samba.org/index.php/User_Documentation and upstream documentation.