[Samba] Back with my UID problems

Nigel W nigel.w at nosun.ca
Thu Feb 26 23:23:39 MST 2015

Hello Brett,

On Thu, Feb 26, 2015 at 9:01 PM, Brett Wynkoop <wynkoop+samba at wynn.com>

> I think I am still at a loss.  after having a look at that page I added
>         idmap uid = 34-1000
> to the smb4.conf file.  I then deleted user wynkoop, restarted samba
> and added user wynkoop again.  The UID incremented from where it had
> previously been.  Just to make sure I did the whole delete and add
> again another time.  The results of uploading files from smbclient are
> below:
> root at prd2:/usr/local/etc # ls -l /archive/test
> total 5
> -rw-r--r--  1 3000014  wheel  6148 Feb 22 03:37 .DS_Store
> -rw-r--r--  1 3000013  wheel   381 Feb 26 22:55 bar
> -rw-r--r--  1 3000012  wheel   381 Feb 26 22:45 foo
> -rw-r--r--  1 3000011  wheel   381 Feb 26 18:18 profile
> root at prd2:/usr/local/etc #
> It looks like the ids in the 3 million range are the local ids generated
by winbind when it needs a number.  I think the those are controlled by:

   idmap config *:backend = tdb
   idmap config *:range = 2000-9999

in the example on the wiki. But I have not tested this. At that though, in
this case, I don't think we care about the range of the auto generated ids

It had been too long since I fiddled with this, and I couldn't remember, so
I just tested on my scratch domain and I was able to get arbitrary ids to

I used the following smb.conf:
        workgroup = SAMDOM
        realm = samdom.example.com
        netbios name = ED1A5849-1CDE-4
        server role = active directory domain controller

        idmap_ldb:use rfc2307 = yes

idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 100-99999

winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind refresh tickets = Yes

        path = /data/state/lib/samba/sysvol/samdom.example.com/scripts
        read only = No

        path = /data/state/lib/samba/sysvol
        read only = No

         path = /data/state/home/
         read only = No

It is a mostly default .conf file with references from:

With the above config, I created the user 'two' with the following command:

samba-tool user add two Passw0rd --uid-number=101 --gid-number=1\
    --login-shell=/bin/bash --home-directory=/home/two

One thing that tripped me up, --uid is for the username, --uid-number is
what we are interested in.

[root at ed1a5849-1cde-43ac-b7cd-4e165f9a6435 ~]# ls -l /data/state/home/two
total 1
-rwxr--r-- 1 two domain users 0 Feb 27 05:56 test.file
[root at ed1a5849-1cde-43ac-b7cd-4e165f9a6435 ~]# ls -ln /data/state/home/two
total 1
-rwxr--r-- 1 101 1 0 Feb 27 05:56 test.file

In my testing, I also found that there is a cache (or multiple) that I have
not found for these ids, and it seems from my testing that once a username
gets assigned an auto id, it will never get anything else, restarting samba
doesn't seem to help.  I found one cache in the samba datafolder called
winbind_cache.tdb but removing that doesn't seem to fix it either.  I do
recall some mention of this on this list in the last month, I cannot find
the email.  As I am not a developer of Samba, I have no idea where to look
from here to resolve this.

More information about the samba mailing list