[Samba] Problem with large uids

Andreas Hauffe andreas.hauffe at tu-dresden.de
Sat Oct 21 08:50:06 UTC 2017


I have two member server and both with Samba 4.6.7. I'm using winbind for NSS and PAM. One of the member server is exporting an NFS4 mount which the other member server is mounting. For users with an rid-mapped uid below some value everything works fine. If the uid is above this value the group permissions are not evaluated and I'm getting a permission denied if a folder or file is only accessable by group membership. I haven't evaluated the value exactly but it is below 100000. The problem is that there are RIDs above 100000. Is there a known limit for the uid?

The resolv.conf, nsswitch.conf and krb5.conf is taken from the wiki and just the domains are replace.

    security = ADS
    workgroup = SUBDOM
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    template homedir = /home/%D/%U
    template shell = /bin/bash
    idmap config * : backend = tdb
    idmap config * : range = 3000-9999
    idmap config SUBDOM: backend = rid
    idmap config SUBDOM: range = 1000000-2000000 # UID aus RID für SUBDOM
    idmap config DOM : backend = rid
    idmap config DOM : range = 3000000-4000000 # UID aus RID für DOM

If I'm changing the range of SUBDOM to 10000-20000 and the uid of the user is in this range everything works fine. This does not happen using SSSD with large UID, that's why I asking if I did something wrong conntected to winbind. SSSD has other shortcomings.


More information about the samba mailing list