In order to avoid pollution of the autorid ranges, the idmap autorid module requires the presence of an successful stamp in netsamlogon_cache.tdb. It's also possible to create ranges by hand using: ### get the existing ranges: #> net idmap get ranges RANGE 0: ALLOC RANGE 1: S-1-5-21-2072033271-969857664-807811056 ### use the next free range #> net idmap set range 2 S-1-5-21-4053568372-2049667917-3384589010 #> net idmap get ranges RANGE 0: ALLOC RANGE 2: S-1-5-21-4053568372-2049667917-3384589010 RANGE 1: S-1-5-21-2072033271-969857664-807811056 We can improve this for future 4.6 releases for cases where the winbindd parent already knows an domain really exists.
Created attachment 13023 [details] Possible patch for master
Created attachment 13027 [details] Patch for v4-6-test
Comment on attachment 13027 [details] Patch for v4-6-test LGTM.
Reassigning to Karolin for inclusion in 4.6.next.
(In reply to Jeremy Allison from comment #4) Pushed to autobuild-v4-6-test.
(In reply to Karolin Seeger from comment #5) Pushed to v4-6-test. Closing out bug report. Thanks!