[Samba] idmap_rid/idmap_hash collisions?
Gerald Carter
jerry at plainjoe.org
Wed Nov 11 06:59:26 MST 2009
Nick,
Gerald Carter wrote:
> Hey Nick,
>
> Nick wrote:
>> Is it possible for the uid/gid numbers that are generated by the
>> idmap_rid and idmap_hash to collide if there are a large number of
>> users or groups? I cannot seem to find any documentation on the
>> limitations of these plugins. Before using I want to make absolutely
>> sure that there won't be any collisions.
>
> There is a small chance of collision based on the domain sid.
> In testing the mean average was about40 trusted domains but I've
> see it much lower on rare occasions. Also, if the highest RID
> in your domain is > (as Volker points out) 2^19, the plugin will
> suffer from integer overflow.
Forgot to mention that's it pretty simple to test for domain SID
hashing collisions. Just lookup "Administrator" in all domains
Each should have a unique uid. For example:
$ for d in AD DEV ATLANTIS; do \
getent passwd $d\\administrator | awk -F: '{print $3}';\
done
181928436
557842932
1658323444
Hope this helps.
cheers, jerry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20091111/affffb80/attachment.pgp>
More information about the samba
mailing list