When run on a Samba 4.6.0 AD DC, the "testparm" tool outputs the following: idmap range not specified for domain '*' ERROR: Invalid idmap range for domain *! This is obviously targeted to a domain member and should not occur on a DC. A check should be included in the tool to verify which server role it is being run on. Thank you.
Created attachment 13493 [details] patch for 4.7
Created attachment 13495 [details] patch for 4.6
I think a check is also needed, if the server role is ROLE_DOMAIN_PDC: pvscsi # testparm Load smb config files from /etc/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[homes]" Processing section "[public]" Processing section "[print$]" Loaded services file OK. idmap range not specified for domain '*' ERROR: Invalid idmap range for domain *! Server role: ROLE_DOMAIN_PDC
Reassigning to Karolin for inclusion in 4.7.0, 4.6.next.
Pushed to autobuild-v4-{6,7}-test.
Pushed to both branches. Closing out bug report. Thanks!
It should have been noticed that "testparm" is not made for Samba in AD DC mode. "samba-tool testparm" is what needs to be called on AD DCs. Andreas: is your patch valid nevertheless?