[Samba] UID provided by rid idmap is out of the range imposed in smb.cof
Rowland Penny
rpenny at samba.org
Tue Feb 26 13:19:19 UTC 2019
On Tue, 26 Feb 2019 13:57:06 +0100
Andrea Cucciarre' via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I had a problem with Samba winbind id-mappingĀ on a system that is
> part of an AD domain.
> In the smb.conf I have the following setting:
>
> idmap config <domain> : backend = rid
> idmap config <domain> : range = 1000000-3000000
> idmap config <domain> : schema_mode = rfc2307
>
> winbindd was failing to convert some user SID to UID and in the idmap
> logs I have the following error:
>
> Requested id (7003151) out of range (1000000 - 3000000). Filtered!
>
> I have fixed the issue by increasing the range to 1000000-10000000.
> So it appears that depending on the user SID, the UID generated
> automatically by Samba rid could be out of the range imposed in
> smb.conf. Is it a bug or I'm just misunderstanding?
>
No, it isn't a bug, it is how it works, when you use the 'rid' backend
the Unix ID is calculated by this:
ID = RID - BASE_RID + LOW_RANGE_ID
So from the info you provided, it becomes this:
ID = 6003151 + 1000000
ID = 7003151
This is above the high range (3000000) and anything outside the range
is ignored.
It does say here:
https://wiki.samba.org/index.php/Idmap_config_rid
Under the heading: Planning the ID Ranges
The ranges must be continuous and big enough to enable Samba to assign
an ID for every future user and group created in the domain.
It looks like you used the wrong range by not setting the high range
high enough ;-)
Rowland
More information about the samba
mailing list