[Samba] Strange GID and UID with winbindd + Samba AD DC

Harry Jede walk2sun at arcor.de
Fri Mar 14 04:23:23 MDT 2014


On 10:43:12 wrote Chan Min Wai:
> Dear Rowland and Steve,
> 
> Thank you for the help.
> So confirm that there is nothing wrong with my configuration.
no

> But a Bugs in winbind. :)
No, i do not think so. 

> Yea :)
> 
> Thank again.

Group mapping is one of the complex things in samba.
Your configuration may or may not work. It depends on your needs.

i.e. you try to configure a member server. Fine.

your setup:

sqlservermssqlserveradhelperuser$win2k8srv01:x:4294967295:
allowed rodc password replication group:x:4294967295:
enterprise read-only domain controllers:x:4294967295:
sqlserver2005sqlbrowseruser$win2k8srv01:x:4294967295:
denied rodc password replication group:x:4294967295:krbtgt
read-only domain controllers:x:4294967295:
group policy creator owners:x:4294967295:administrator
and so on...


All these groups has the same gidnumber. So for an posix filesystem all 
are the same, but with different names and different members. The winner 
is ??
One may ask an oracle?


You have asked:
There are some strange value UID/GID
4294967295 <-- what number is this?

Short answer:
(4294967295+1)/1024/1024/1024=4

4 billion is the highest integer your OS supports.
This number (minus 1) comes from the idmapping stuff.


All your BUILTIN groups have the same gidnumber. So fix your config as 
Rowland posted before.

Think about "each group mmust have a unique gidnumber, on all servers in 
your domain and if you use multiple domains all BUILTIN groups may have 
a uniq gidnumber which should be the same for all domains"


-- 

Regards
	Harry Jede


More information about the samba mailing list