[Samba] suddenly change: idmap uid + gid

Rowland penny rpenny at samba.org
Sun Nov 3 15:48:26 UTC 2019

On 03/11/2019 15:06, Liste via samba wrote:
> Am 03.11.2019 um 09:42 schrieb Rowland penny via samba <samba at lists.samba.org>:
>> On 02/11/2019 23:18, Hilberg via samba wrote:
>>> Hi
>>> The server suddenly changed the uid + gid. this happened to times, yesterday and the week after. The default group at example
>>> The samba is a AD member where we have many users (>20 000) and we use autorid in that way
>>> [global]
>>>    security = ads
>>>    workgroup = CUSTOMER
>>>    realm = CUSTOMER.COM
>>>    winbind use default domain = yes
>>>    winbind enum users = yes
>>>    winbind enum group = yes
>>>    idmap config * : backend = autorid
>>>    idmap config * : range = 1000000-8999999999
>>> OS debian 10
>>> DC Microsoft
>>> At the moment I have two questions:
>>> Why this happened and is there a way to stop the disaster?
>>> Is there a quick way to repair the disaster? I infects the profile directory used with acl.
>>> thank you
>> Please do not post things like this to the samba-technical list.
>> As I said, you cannot use 'winbind use default domain = yes' with 'autorid', it makes all users and groups members of the same domain, this is probably what has happened here.
>> Remove the line, this should stop it happening again
>> If you have only one domain, then you shouldn't be using autorid, you should be using rid instead, unfortunately it is probably too late now.
> I have 4 trusted domains
> Builtin
> Hostname of Samba Servern
> Costumer
> costumerxy
> Custumer is the only primary

You can forget the first two, but because you have two domains (Costumer 
& costumerxy), YOU CANNOT USE 'winbind use default domain = yes' with 

If you have a user COSTUMER\fred and a user COSTUMERXY\fred, whilst they 
are different users, they will both get mapped to CUSTOMER\fred and as 
the ID is calculated from the user SID, the ID may change.


More information about the samba mailing list