[Samba] UID provided by rid idmap is out of the range imposed in smb.cof

Andrea Cucciarre' acucciarre at cloudian.com
Fri Mar 1 11:21:07 UTC 2019


Thanks! that was actually the problem

Andrea


Il 2/26/2019 2:19 PM, Rowland Penny via samba ha scritto:
> On Tue, 26 Feb 2019 13:57:06 +0100
> Andrea Cucciarre' via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I had a problem with Samba winbind id-mappingĀ  on a system that is
>> part of an AD domain.
>> In the smb.conf I have the following setting:
>>
>> idmap config <domain> : backend = rid
>> idmap config <domain> : range = 1000000-3000000
>> idmap config <domain> : schema_mode = rfc2307
>>
>> winbindd was failing to convert some user SID to UID and in the idmap
>> logs I have the following error:
>>
>> Requested id (7003151) out of range (1000000 - 3000000). Filtered!
>>
>> I have fixed the issue by increasing the range to 1000000-10000000.
>> So it appears that depending on the user SID, the UID generated
>> automatically by Samba rid could be out of the range imposed in
>> smb.conf. Is it a bug or I'm just misunderstanding?
>>
> No, it isn't a bug, it is how it works, when you use the 'rid' backend
> the Unix ID is calculated by this:
>
> ID = RID - BASE_RID + LOW_RANGE_ID
>
> So from the info you provided, it becomes this:
>
> ID = 6003151 + 1000000
>
> ID = 7003151
>
> This is above the high range (3000000) and anything outside the range
> is ignored.
>
> It does say here:
>
> https://wiki.samba.org/index.php/Idmap_config_rid
>
> Under the heading: Planning the ID Ranges
>
> The ranges must be continuous and big enough to enable Samba to assign
> an ID for every future user and group created in the domain.
>
> It looks like you used the wrong range by not setting the high range
> high enough ;-)
>
> Rowland
>




More information about the samba mailing list