[Samba] idmap_rid/idmap_hash collisions?

Gerald Carter jerry at plainjoe.org
Wed Nov 11 06:59:26 MST 2009


Gerald Carter wrote:
> Hey Nick,
> Nick wrote:
>> Is it possible for the uid/gid numbers that are generated by the
>> idmap_rid and idmap_hash to collide if there are a large number of
>> users or groups?  I cannot seem to find any documentation on the
>> limitations of these plugins.  Before using I want to make absolutely
>> sure that there won't be any collisions.
> There is a small chance of collision based on the domain sid.
> In testing the mean average was about40 trusted domains but I've
> see it much lower on rare occasions.  Also, if the highest RID
> in your domain is > (as Volker points out) 2^19, the plugin will
> suffer from integer overflow.

Forgot to mention that's it pretty simple to test for domain SID
hashing collisions.  Just lookup "Administrator" in all domains
Each should have a unique uid.  For example:

$ for d in AD DEV ATLANTIS; do \
      getent passwd $d\\administrator | awk -F: '{print $3}';\

Hope this helps.

cheers, jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20091111/affffb80/attachment.pgp>

More information about the samba mailing list