[Samba] Best way to generate Unix UIDs and GIDs?

Rowland Penny rpenny at samba.org
Sun Jan 14 14:51:46 UTC 2018

On Sun, 14 Jan 2018 14:53:15 +0100
Yvan Masson via samba <samba at lists.samba.org> wrote:

> Hi,
> For a new samba domain, I need to create users and groups with Unix
> UIDs and GIDs.
> In the future, it is possible that there will be a trust with other
> domains, so I need to take care that there won't be any UID/GID
> conflict. Also, I assume that in the future Samba will be able to
> restore deleted objects, so I need to avoid conflicts with those
> objects as well.
> This makes me think that a good way would be to generate UIDs/GUIDs
> from SID. I know SSSD does it (apparently not ensuring
> consistency[1]), but I could not find a script that does only this.
> However, I found this python script[2] which seems to be what
> Centrify does.
> What do you think about all of this?
> Regards,
> Yvan
> 1.
> https://funinit.wordpress.com/2017/09/14/integrating-red-hat-with-active-directory/
> 2. https://gist.github.com/msmorul/11217186

Can I suggest you read this:


and this:


winbind will do what you require, I cannot comment on [1], sssd has
NOTHING to do with Samba. I also cannot recommend using [2], from
examining the script, it would appear that it would be possible to get
the same ID for two users from different domains e.g. if we take these



It appears the script would take a portion of the end of the SID, add
'0' the the RID, so they could be:

How would Samba and Unix tell them apart ?
Windows could tell the two SID-RIDs apart.


More information about the samba mailing list