[Samba] UID provided by rid idmap is out of the range imposed in smb.cof
acucciarre at cloudian.com
Fri Mar 1 11:21:07 UTC 2019
Thanks! that was actually the problem
Il 2/26/2019 2:19 PM, Rowland Penny via samba ha scritto:
> On Tue, 26 Feb 2019 13:57:06 +0100
> Andrea Cucciarre' via samba <samba at lists.samba.org> wrote:
>> I had a problem with Samba winbind id-mapping on a system that is
>> part of an AD domain.
>> In the smb.conf I have the following setting:
>> idmap config <domain> : backend = rid
>> idmap config <domain> : range = 1000000-3000000
>> idmap config <domain> : schema_mode = rfc2307
>> winbindd was failing to convert some user SID to UID and in the idmap
>> logs I have the following error:
>> Requested id (7003151) out of range (1000000 - 3000000). Filtered!
>> I have fixed the issue by increasing the range to 1000000-10000000.
>> So it appears that depending on the user SID, the UID generated
>> automatically by Samba rid could be out of the range imposed in
>> smb.conf. Is it a bug or I'm just misunderstanding?
> No, it isn't a bug, it is how it works, when you use the 'rid' backend
> the Unix ID is calculated by this:
> ID = RID - BASE_RID + LOW_RANGE_ID
> So from the info you provided, it becomes this:
> ID = 6003151 + 1000000
> ID = 7003151
> This is above the high range (3000000) and anything outside the range
> is ignored.
> It does say here:
> Under the heading: Planning the ID Ranges
> The ranges must be continuous and big enough to enable Samba to assign
> an ID for every future user and group created in the domain.
> It looks like you used the wrong range by not setting the high range
> high enough ;-)
More information about the samba