[Samba] UNIX attribute UID no longer increments with RSAT

[lingpanda101 at gmail.com]

On 8/8/2016 9:32 AM, Rowland Penny wrote:
> On Mon, 8 Aug 2016 08:52:39 -0400
> "lingpanda101 at gmail.com" <lingpanda101 at gmail.com> wrote:
>
>> Hello,
>>
>>       I'm using rfc2307 to enable Unix attributes on my DC's. Recently
>> when adding a user and attempting to add a UID with the RSAT, I
>> receiving the following error.
>>
>> 'Duplicate UID. Assign a uniqueUID.'
>>
>> How do I list all users and their UID? I tried using 'pdbedit' and
>> wbinfo. Pdbedit appears to list the XID's and wbinfo needs me to
>> specify a user name. I need to confirm all users have a unique UID
>> before moving forward to troubleshoot this issue. Thanks.
>>
> What version of windows is this ?
>
> When you used to add a uidNumber with the UNIX Attributes tab, the last
> uid used was stored in an attribute in AD, this attribute was created
> if it didn't exist, has windows stopped doing this ?
>
> The attribute in question is 'msSFU30MaxUidNumber' (there is another
> one for groups 'msSFU30MaxGidNumber') and this is stored in the AD
> object to be found at:
> CN=<Your
> lowercase
> NETBios
> domain
> name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=your,DC=dns,DC=domain
>
> Rowland
>
>

This is with Windows 7.

I found the issue. I have another admin who creates users in AD. This 
user did not have the proper permissions to update this attribute with 
RSAT. I can't recall the error they received, but it mentioned not 
having permissions to update this field( I will get so as to post and 
update in this thread). Event though they were advised they do not have 
permissions, the UID was updated in Samba anyways(Possible security 
bug?). I verified it was in samba by using wbinfo.

To correct the issue, I manually incremented the new users UID to the 
next available one in Samba. This allowed RSAT to automatically 
increment the UID on a subsequent user I tested on.


-- 
-James