The autorid back end works similar to the rid ID mapping back end, but can automatically assign IDs for different domains.
This enables you to use the autorid back end: for the * default domain and additional domains, without the need to create ID mapping configurations for each of the additional domains.
Of course, you can choose the backend you prefer eg. enable it only for specific domains.
The major drawback of autorid is that user and group IDs are not equal across Samba domain members.
I think it is the best solution if you don't manage the active directory to use autorid or rid.
On the other hand, you could use AD ID mapping (based on RFC 2307) but this uses the parameters that are specific to the active directory. Such values for the RFC2307 attributes are not created automatically, they must be added manually.
I suggest to you to read somethin about on SambaWiki
https://wiki.samba.org/index.php/Idmap_config_ad
https://wiki.samba.org/index.php/Idmap_config_autorid
you can find an example of configuration (taken from
here):
[global]
bind interfaces only = Yes
interfaces = lo ens192
kerberos method = secrets and keytab
realm = MYDOMAIN.COM
security = ADS
template homedir = /home/%U@%D
template shell = /bin/bash
username map = /etc/samba/user.map
winbind refresh tickets = Yes
workgroup = MYDOMAIN
idmap config mydomain : backend = autorid
idmap config mydomain : range = 2000000-2999999
idmap config * : range = 10000-999999
idmap config * : backend = autorid
include = /etc/samba/shares.conf
map acl inherit = Yes
ens192 is your network card name, replace it with yours.
/etc/samba/user.map is a file which contains linux user to map with active directory, for example not mapping root as mydomain\administrator
/etc/samba/shares.conf file contains share definition and options
