Open AnrDaemon opened 9 years ago
Kerberos configuration may also cause mess if member server do not have correct realm listed. So, beware.
/etc/pam.d - any file that mention krb5 and minimum_uid may need to be changed to match your idmap range. MAY be. This is not necessary. If you, i.e., have legacy group ID maps within 5xx range, do NOT touch the setting. Only change it, if
# visudo -f /etc/sudoers.d/domain
# Members of the "domain admins" group may do about anything.
# And rightfully so.
%domain\x20admins ALL=(ALL:ALL) ALL
# adduser --uid=499 --ingroup=admin localroot
Exclude uid's 0 and 65534. Compare the lists. If results are satisfactory, set the idmap range to include lowest xid from the SAM database.