[Samba] userid shows 4294967295

Ole Traupe ole.traupe at tu-berlin.de
Mon Dec 7 19:39:27 UTC 2015

Am 07.12.2015 um 20:18 schrieb Rowland penny:
> On 07/12/15 18:55, Ole Traupe wrote:
>> I always wondered why to reserve 8000 IDs for built-in accounts. I 
>> see ~40 built-in groups in ADUC and 2 such users (Administrator and 
>> Guest)...
>> Ole
> There are more potential users and groups than that, but you are 
> correct, you do not actually need that number, it was based on this:
> Unix uses 0-999 for system users & groups (yes I know redhat used to 
> use 0-499, but they now use 0-999)

Ok, so I will have to face facts when migrating to CentOS 7. :-/

> ADUC starts Unix IDs at 10000
> If you use a range for the builtin users & groups above the domain 
> range, it could get in the way if your AD domain grows enough, so why 
> not put it below the AD range?
> If this is done, where to put it? You will probably require some Unix 
> users, so they will start at 1000, hence for ease, 2000 was chosen as 
> the start ID for the builtin range and as it could only go upto 9999, 
> this was chosen as the end number.

Makes sense. Stupid me thought: what a waste of (non-existent, 
non-material) space:

# idmap config *:range = 1000-1999
# idmap config domain:range = 2000-99999

> Rowland

Can I ask something related? Once I had used '23456' as uid for some 
test account, ADUC always wants to go that high, although I have plenty 
of space below that. Is there a way to get rid of this behavior?


More information about the samba mailing list