[Samba] suddenly change: idmap uid + gid

Rowland penny rpenny at samba.org
Sun Nov 3 08:39:42 UTC 2019

On 02/11/2019 23:18, Hilberg via samba wrote:
> Hi
> The server suddenly changed the uid + gid. this happened to times, 
> yesterday and the week after. The default group at example
> The samba is a AD member where we have many users (>20 000) and we use 
> autorid in that way
> [global]
>   security = ads
>   workgroup = CUSTOMER
>   realm = CUSTOMER.COM
>   winbind use default domain = yes
>   winbind enum users = yes
>   winbind enum group = yes
>   idmap config * : backend = autorid
>   idmap config * : range = 1000000-8999999999
> OS debian 10
> DC Microsoft
> At the moment I have two questions:
> Why this happened and is there a way to stop the disaster?
> Is there a quick way to repair the disaster? I infects the profile 
> directory used with acl.
> thank you
Please do not post things like this to the samba-technical list.

As I said, you cannot use 'winbind use default domain = yes' with 
'autorid', it makes all users and groups members of the same domain, 
this is probably what has happened here.

Remove the line, this should stop it happening again

If you have only one domain, then you shouldn't be using autorid, you 
should be using rid instead, unfortunately it is probably too late now.

As to how you fix your permissions, I fear this will have to be done 
manually, you will have to identify which folder or file belongs to 
which user/group.

Samba does not create Unix IDs on Unix domain members, it either uses 
rfc2307 attributes stored in AD (if using the winbind 'ad' backend) or 
it calculates the ID from the AD objects SID


More information about the samba mailing list