[Samba] UID - high need to lower it for a test user - active directory auth

James Kosin james_kosin at cox.net
Mon Oct 26 21:36:45 MDT 2009

----- Original Message ----- 
From: "Michael Wood" <esiotrot at gmail.com>
To: "James Kosin" <james_kosin at cox.net>
Cc: "KJS" <lists at netzensolutions.com>; <samba at lists.samba.org>
Sent: Friday, October 23, 2009 3:38 AM
Subject: Re: [Samba] UID - high need to lower it for a test user - active 
directory auth

<<-- snip -->>
> What sort of problem are you having?
> The higher UID for non-local users is normal and shouldn't be touched in
> most cases. This is to keep the local UIDs different significantly from 
> the
> ones that are not local.
> The only problem you may be having would be if you have a huge number of
> local users. In which case you would have to determine if it would be
> better to create all local account for everyone on the domain to keep from
> having problems. But, I seriously doubt this is the problem.

If it's a wild goose chase it's my fault.  He is having trouble with
some commercial software when run by domain users instead of local

The differences between them as far as I could tell are:

The local users all have UIDs and primary group IDs << 65536.
The domain users all have UIDs and primary group IDs >> 65536.
Also, the primary group name of the domain users is "Domain Users".
i.e. it has a space in it.

Since traditionally UIDs and GIDs were 16 bit numbers, I thought it
was possible that this commercial software somehow did not like the
large UIDs/GIDs.

Perhaps it would be easier to test a local user with a high UID and
primary group ID to see if that also does not work.

Which applications?  I do know Microsoft Office products usually have some 
fine tuning when run with or without domain logins.

Other than that; we would need more specifics to answer your problem...

1)  You said the application being run was having problems, what error 
messages or problems?  Try to be as complete as possible.
2)  Name the application if possible?  Microsoft Excel, etc.
3)  If a custom application, what type of access is giving the problem? 
Database, text file, binary file, permissions, etc.
4)  Is the problem random or only with users on the domain as oppose to the 
local machine accounts?  The local machine accounts may have special 
permissions to access more features of the system.  If the special 
application is taking advantage of these features it may not like the domain 
5)  Calm down...

James Kosin

More information about the samba mailing list