[Samba] UID - high need to lower it for a test user - active directory auth
Michael Wood
esiotrot at gmail.com
Fri Oct 23 01:38:10 MDT 2009
2009/10/23 James Kosin <james_kosin at cox.net>:
> ----- Original Message ----- From: "KJS" <lists at netzensolutions.com>
> Newsgroups: linux.samba
> Sent: Thursday, October 22, 2009 9:00 AM
> Subject: Re: [Samba] UID - high need to lower it for a test user - active
> directory auth
>
>
>> Hi Guys,
>>>
>>> I am having some problems with Active Directory users using a bit of
>>> software on our server, my AD users are authing via Winbind this works fine
>>> and the only difference I can see between a local user and an AD user is
>>> the fact the AD user has a MUCH higher UID, how can I create a user with a
>>> low UID to test this? I don't want to change them all yet as it might not
>>> be this that is causing the problem.
>>>
>>> Many Thanks,
>>> KJS
>
>
> What sort of problem are you having?
>
> The higher UID for non-local users is normal and shouldn't be touched in
> most cases. This is to keep the local UIDs different significantly from the
> ones that are not local.
> The only problem you may be having would be if you have a huge number of
> local users. In which case you would have to determine if it would be
> better to create all local account for everyone on the domain to keep from
> having problems. But, I seriously doubt this is the problem.
If it's a wild goose chase it's my fault. He is having trouble with
some commercial software when run by domain users instead of local
users.
The differences between them as far as I could tell are:
The local users all have UIDs and primary group IDs << 65536.
The domain users all have UIDs and primary group IDs >> 65536.
Also, the primary group name of the domain users is "Domain Users".
i.e. it has a space in it.
Since traditionally UIDs and GIDs were 16 bit numbers, I thought it
was possible that this commercial software somehow did not like the
large UIDs/GIDs.
Perhaps it would be easier to test a local user with a high UID and
primary group ID to see if that also does not work.
--
Michael Wood <esiotrot at gmail.com>
More information about the samba
mailing list