LinuxQuestions.org
Old 05-22-2020, 02:45 PM   #1
cesarsj
Member
 
Registered: Mar 2019
Location: Patos de Minas, MG, Brazil
Distribution: Slackware
Posts: 159

Rep: Reputation: Disabled
Samba 4.4.16: the 'idmap uid | gid | backend' option is deprecated. Is it a problem? How do I fix it?


As I'm getting a ready-made configuration, I would like to understand:

The manual, available at link, says:

"The idmap uid parameter specifies the range of user ids for the default idmap configuration. It is now deprecated in favour of idmap config * : range.",
"The idmap gid parameter specifies the range of group ids for the default idmap configuration. It is now deprecated in favour of idmap config * : range."
and
"This option specifies the default backend that is used when no special configuration set, but it is now deprecated in favour of the new spelling idmap config * : backend."


What are these parameters for? If they are obsolete, are they not working?

The configuration file also contains 'security = user', and the link says to leave 'security = ADS' if I am going to change the obsolete parameters.

PS:
I noticed these messages while trying to find what is causing several active 'nobody' connections coming from Windows 10 machines.

Last edited by cesarsj; 05-22-2020 at 02:48 PM.
 
Old 05-23-2020, 08:23 AM   #2
rpenny
Member
 
Registered: Jul 2019
Posts: 82

Rep: Reputation: Disabled
Quote:
Originally Posted by cesarsj
As I'm getting a ready-made configuration, I would like to understand:


In the configuration file is also 'security = user', and the link says to leave 'security = ADS', if I am going to change the obsolete parameters.

No, I didn't say that; I said you only use 'security = ADS' with an Active Directory domain, and your link plainly shows an smb.conf for an NT4-style PDC.

idmap uid/gid have been deprecated for years; they really should be removed.

Now, I do not do mind reading and my crystal ball is on the fritz, so can you please post your smb.conf, so we can see how you think you are running Samba ;-)
 
Old 05-27-2020, 02:27 PM   #3
cesarsj
Member
 
Registered: Mar 2019
Location: Patos de Minas, MG, Brazil
Distribution: Slackware
Posts: 159

Original Poster
Rep: Reputation: Disabled

Quote:
Originally Posted by rpenny
No, I didn't say that, I said you only use 'security = ADS' with an Active directory domain, and your link plainly shows a smb.conf for an NT4-style PDC.

idmap uid/gid have been deprecated for years, they really should be removed.

Now, I do not do mind reading and my crystal ball is on the fritz, so can you please post your smb.conf, so we can see how you think you are running Samba ;-)

I'm sorry for the delay in responding. This is the first time that I have focused on Samba in the company; before, my focus was more on Zabbix and some databases (we have numerous responsibilities in the company's Network and Security department). So I'm studying Samba now. The settings are below (I changed some names to nas1234 to avoid risks, not sure):

#======================= Global Settings =====================================
[global]
server role = classic primary domain controller
workgroup = NAS1234
server string = Servidor Samba NAS1234
netbios name = NAS1234
netbios aliases = NAS1234
dos charset = CP850
unix charset = ISO8859-1
encrypt passwords = Yes
wide links = no
log file = /var/log/samba/samba.%m
preserve case = yes
short preserve case = yes
default case = lower
time server = yes
max connections = 0
deadtime = 1
keepalive = 120
utmp = yes
remote browse sync = no
remote announce = no
log level = 2
security = user
printcap name = /etc/printcap
browseable = no
pid directory = /var/run/
printing = lprng
max log size = 5000
passdb backend = ldapsam:ldaps://ldap.nas1234.br
ldapsam:trusted = no
ldapsam:editposix = no
ldap ssl = off
ldap admin dn = cn=freenasbdc01,ou=DSA,dc=nas1234,dc=nas1234,dc=br
ldap suffix = dc=nas1234,dc=nas1234,dc=br
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
idmap uid = 2147483648-4294967294
idmap gid = 2147483648-4294967294
idmap backend = ldaps:ldaps://ldap.nas1234.br

ldap delete dn = no
bind interfaces only = yes
local master = yes
os level = 2
domain master = no
preferred master = no
domain logons = yes
name resolve order = wins lmhosts host bcast
wins server = 192.168.X.X
dns proxy = no
add machine script = /usr/local/sbin/smbldap-useradd -W "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

#============================ Share Definitions ==============================
[Profiles]
root preexec = /bin/close.sh %U %m
root preexec close = yes
root postexec = /bin/change_perms.sh %U
root preexec = /bin/chklogon.sh %U %m A PROFILES
root preexec close = no
root postexec = /bin/chklogon.sh %U %m F PROFILES
read only = no
browseable = no
create mask = 0600
directory mask = 0700
csc policy = disable
force user = %U
profile acls = yes

[homes]
comment = Diretorios nas1234
browseable = no
writable = yes
public = no
follow symlinks = no
create mode = 0600
directory mode = 0700
valid users = %S
invalid users = nobody root bin daemon adm lp sync shutdown halt mail ftp rpc sshd gdm pop
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
root preexec = /bin/netlogon.sh %U %m %d %a %R %I
root preexec close = no
comment = Network Logon Service
valid users = %U
path = /profiles/netlogon
guest ok = no
writable = no
force create mode = 0755
force directory mode = 0755
force create mode = 0755
force directory mode = 0755
browseable = no
locking = No

[tmp]
comment = Temporary file
path = /tmp
read only = yes

[netlogoff]
root postexec = /bin/netlogoff.sh %U %m %d %a %R %I
preexec close = no
comment = Network Logoff Service
valid users = %U
path = /profiles/netlogoff
guest ok = no
writable = no
force create mode = 0000
force directory mode = 0000
browseable = no
[folder-example]
comment = nas1234
path = /nas1234/nas1234
valid users = @nas1234, unas1234
force group = +nas1234
public = no
writable = yes
printable = no
guest ok = no
create mask = 0770
directory mask = 0770
vfs objects = recycle
recycle:repository = .trash
recycle:directory_mode = 0770
recycle:keeptree = yes
recycle:versions = yes
hosts allow = 192.168.x.x, 192.168.x.x
 
Old 05-28-2020, 02:50 AM   #4
rpenny
Member
 
Registered: Jul 2019
Posts: 82

Rep: Reputation: Disabled
OK, that is an smb.conf for an NT4-style PDC, or it would be if a couple of settings were changed. I take it that there isn't another machine running as the PDC (which would make this a BDC); if so, change:

domain master = no
preferred master = no

To:

domain master = yes
preferred master = yes

Change:

idmap uid = 2147483648-4294967294
idmap gid = 2147483648-4294967294

To:

idmap config * : backend = tdb
idmap config * : range = 2147483648-4294967294

Finally, add:

client min protocol = NT1
server min protocol = NT1

Restart Samba and see how you go on ;-)

Can I also suggest that you start making plans to upgrade to AD? Windows turns off SMBv1 by default and you need SMBv1 for your domain to work. Samba is also actively working on removing SMBv1. You are using smbldap-tools and this is a dead project; it only needs for Perl to do what Python has done and the scripts may stop working.
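
Added example, not part of the thread and not Samba project code: a Python sketch that finds the deprecated idmap parameters in the [global] section of an smb.conf and builds the replacement lines described in the reply above. The function names and the sample text are constructed for illustration, and the tdb default is the value that reply suggests.

```python
import re
# Deprecated spelling -> replacement, per the manual text quoted in the thread.
DEPRECATED = {
    "idmap uid": "idmap config * : range",
    "idmap gid": "idmap config * : range",
    "idmap backend": "idmap config * : backend",
}

def find_deprecated(conf_text):
    """Return (line_no, old_name, value, new_name) per deprecated [global] idmap parameter."""
    findings, section = [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        name = " ".join(name.lower().split())  # simplification: fold case, collapse spaces
        if name in DEPRECATED:
            findings.append((no, name, value.strip(), DEPRECATED[name]))
    return findings

def replacement_lines(findings, backend="tdb"):
    """New-style lines; one range replaces both uid and gid, so differing ranges are refused."""
    ranges = {v for _, n, v, _ in findings if n in ("idmap uid", "idmap gid")}
    if len(ranges) > 1:
        raise ValueError(f"uid and gid ranges differ: {sorted(ranges)}")
    if not findings:
        return []
    # Assumption: backend defaults to tdb, the value suggested in the reply above.
    out = [f"idmap config * : backend = {backend}"]
    out += [f"idmap config * : range = {r}" for r in ranges]
    return out

# Constructed sample, cut down from the configuration posted in the thread.
SAMPLE = """\
[global]
; idmap uid = 10000-20000
Idmap  UID = 2147483648-4294967294
idmap gid = 2147483648-4294967294
idmap backend = ldaps:ldaps://ldap.nas1234.br
"""
for no, old, value, new in find_deprecated(SAMPLE):
    print(f"line {no}: '{old} = {value}' is deprecated; use '{new}'")
```

Running `testparm` against the edited file afterwards is the way to confirm that Samba itself no longer reports the deprecated options.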
 
Old 05-28-2020, 04:45 PM   #5
cesarsj
Member
 
Registered: Mar 2019
Location: Patos de Minas, MG, Brazil
Distribution: Slackware
Posts: 159

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by rpenny
OK, that is a smb.conf for a NT4-style PDC or it would be if a couple of settings were changed. I take it that there isn't another machine running as the PDC (which would make this a BDC), if so, change:

domain master = no
preferred master = no

To:

domain master = yes
preferred master = yes

We actually have another NAS functioning as a PDC as well. The workgroup is the same.


If everything is working, apparently, well; what would the parameters below be used for correctly (I believe it is said to be obsolete, it is because these parameters are not having any effect)?

Quote:
Originally Posted by rpenny
Change:

idmap uid = 2147483648-4294967294
idmap gid = 2147483648-4294967294

To:

idmap config * : backend = tdb
idmap config * : range = 2147483648-4294967294
 
  

