[Samba] Back with my UID problems

Nigel W nigel.w at nosun.ca
Thu Feb 26 19:45:31 MST 2015


Hello Brett,

On Thu, Feb 26, 2015 at 6:10 PM, Brett Wynkoop <wynkoop+samba at wynn.com>
wrote:
>
> Where does your "Wisdom" about no UID below 1000 come from?
>
I would guess it comes from distros (mostly the Linux ones) staticly
assigning UID and GIDs to certain services to make the package managers job
easier.

But if your existing system has userids below that number, then you should
no problem from that, but is it something to be aware if you add more
modern clients.

>
> I would submit that if Samba can not do this then Samba 4 is broken.
> What is even more broken is that samba-tool silently accepted 34 as a
> UID and created the samba user.  If UIDs below 1000 are forbidden then a
> properly written program would have thrown an exception.
>
Numbers out of a specific range are masked out by idmap.  It seems to be
10000-20000 is the default range, presumably to avoid problems of domain
users getting access to data owned by system services that they should not
be able to.  You can change this range though, the member server setup wiki
page[1] explains it well enough.  I am not aware of an actual code
restriction on the ID range, but I am also not a developer.

[1] https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server#RFC2307

Hope this helps,


More information about the samba mailing list