I want to migrate from samba 3.2.6-37 (sernet-built on sles9) to
3.3.12-25 (sernet-built on debian lenny). It's a domain member server in
a w2k3 AD with all company files on it. I migrated the smb.conf and
moved the winbindd_idmap.tdb to the lenny server. The winbind idmap
options are still the same, with tdb as idmap backend, and don't conflict
with entries of /etc/group and /etc/passwd. My gid range starts at 10000
(10000 was originally mapped by winbind to domain-users). Now on lenny
it seems that samba overrides the winbindd_idmap of the domain-users to
BUILTIN\administrators. A "wbinfo -Y S-1-5-32-544" with a result of
10000 confirmed my assumptions. I don't know why samba behaves like
this. For further analysis I attach the global section of the smb.conf.

Does anyone have an idea?


unix charset = ISO8859-15
display charset = ISO8859-15
workgroup = SCHARRNET
server string =
interfaces =, eth0
bind interfaces only = Yes
security = ADS
password server = OMBRE DC1
log level = 2
load printers = No
printcap name = cups
add share command = /usr/local/bin/
change share command = /usr/local/bin/
delete share command = /usr/local/bin/
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind cache time = 900
winbind enum users = Yes
winbind enum groups = Yes
ea support = Yes
map acl inherit = Yes
hide unreadable = Yes
veto oplock files = /*.mdb/*.MDB/
store dos attributes = Yes
dos filemode = Yes
dos filetime resolution = Yes


Thorsten Leiser
SYNCHRON Gesellschaft für betriebswirtschaftliche
Beratung und Informationssysteme mbH
Liebknechtstr. 50

70565 Stuttgart-Vaihingen
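
The "wbinfo -Y" check described in the message, generalised into a before/after comparison; this is an added example, not part of the original post and not Samba code. It assumes SID-to-gid pairs were recorded on both servers as "<SID> <gid>" lines; the domain SID, the second group and the new gid 10002 are constructed sample values.

```python
# Audit SID->gid mappings after moving winbindd_idmap.tdb to a new server.
# A gid that now resolves to a different SID silently changes who holds the
# group permissions on every file already owned by that gid.

# Constructed sample input: one "<SID> <gid>" pair per line, e.g. collected
# with `wbinfo -Y <SID>` on each host. The domain SID is a placeholder.
OLD = """\
S-1-5-21-1111111111-2222222222-3333333333-513 10000
S-1-5-21-1111111111-2222222222-3333333333-512 10001
"""
NEW = """\
S-1-5-32-544 10000
S-1-5-21-1111111111-2222222222-3333333333-513 10002
S-1-5-21-1111111111-2222222222-3333333333-512 10001
"""

GID_RANGE = range(10000, 20001)  # "idmap gid = 10000-20000" from the smb.conf


def parse(text):
    """Turn "<SID> <gid>" lines into a {sid: gid} dict."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sid, gid = line.split()
        mapping[sid] = int(gid)
    return mapping


def audit(old, new):
    """Return (kind, sid, gid) findings for the mappings on the new server."""
    findings = []
    old_owner = {gid: sid for sid, gid in old.items()}
    seen = {}
    for sid, gid in sorted(new.items()):
        if gid not in GID_RANGE:
            findings.append(("out-of-range", sid, gid))
        if sid in old and old[sid] != gid:
            findings.append(("moved", sid, gid))       # same SID, new gid
        if gid in old_owner and old_owner[gid] != sid:
            findings.append(("reassigned", sid, gid))  # old gid, new SID
        if gid in seen:
            findings.append(("duplicate", sid, gid))   # two SIDs share a gid
        seen[gid] = sid
    return findings


if __name__ == "__main__":
    for finding in audit(parse(OLD), parse(NEW)):
        print(*finding)
```

A "reassigned" finding is the case reported here: gid 10000 belonged to one SID on the old server and answers for S-1-5-32-544 on the new one.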

