[Samba] autorid broken in samba 4.9?

Nathaniel W. Turner nate at houseofnate.net
Thu Apr 9 13:35:24 UTC 2020


Hi all,

Thanks for the replies.

On Thu, Apr 9, 2020 at 3:54 AM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:

> Good morning Rowland,
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Rowland penny via samba
> > Sent: Thursday 9 April 2020 9:46
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] autorid broken in samba 4.9?
> >
> > On 09/04/2020 08:34, L.P.H. van Belle via samba wrote:
> > > Show the servers their smb.conf that might help.
> > >
> > > And you're using autorid..
> > > https://wiki.samba.org/index.php/Idmap_config_autorid
> > >
> > > Drawbacks: User and group IDs are not equal across Samba
> > domain members.
> > >
> > > TC84\administrator:*:1100500:1100513::/home/administrator@TC84
> > > TC83\administrator:*:1200500:1200513::/home/administrator@TC83
> > >
> > > 1200500-1100500 = 100000
> > >
> > > idmap config * : rangesize = 100000
> > >   The default value is 100000 !
> > >
> > > So this looks normal.. But I never used autorid so, I'm sure
> > if I'm wrong
> > > Someone will correct me ;-)
> >
> > Yes that is correct, they should be different across domains,
> > but they
> > shouldn't change if Samba is upgraded and this is what has
> > happened for
> > the OP.
>

Right, the mappings in the samba 4.8 case quoted look right to me too. What
I don't understand is this:

TC84\administrator:*:2000500:2000513::/home/administrator@TC84:/bin/bash
TC83\administrator:*:10000:10000::/home/administrator@TC83:/bin/bash

I thought that because I have "idmap config * : range = 1000000-19999999",
that the lowest UID that idmap would allocate would be 1000000 (but here we
have 10,000 which is much less than 1,000,000).

> > I wasn't going to reply on this subject because I do not know enough
> > about autorid and there doesn't seem to be any changes to
> > the code that could cause this. I did hope that one of the other Samba
> > team members would chime in.
>
> Hahaha.. Yeah, well, one did :-).
> And I was thinking the same but I felt sorry nobody replied to him,
> so I gave it an attempt to help. I don't know much of the autorid part also,
> but let's give it a try.
>
> >
> > Perhaps seeing the OP's smb.conf might help and a bit more
> > info, is sssd running for instance ?
>
> Yeah, we really need the full smb.conf to tell more.
>

Sure, here's the whole thing (it's identical on both machines):

# Global parameters
[global]
        client signing = required
        debug pid = Yes
        debug prefix timestamp = Yes
        disable netbios = Yes
        dns proxy = No
        guest account = nfsnobody
        hostname lookups = Yes
        kerberos method = system keytab
        load printers = No
        local master = No
        log file = /var/log/samba/log.%m
        logging = file
        map to guest = Bad User
        max log size = 1000
        max open files = 32768
        preferred master = No
        realm = TC84.LOCAL
        security = ADS
        server min protocol = SMB2
        server string = xxxxxxx
        template homedir = /home/%U@%D
        template shell = /bin/bash
        unix extensions = No
        winbind offline logon = Yes
        winbind refresh tickets = Yes
        workgroup = TC84
        idmap config * : range = 1000000-19999999
        idmap config * : backend = autorid
        aio read size = 0
        aio write size = 0
        allocation roundup size = 0
        dfree cache time = 60
        level2 oplocks = No
        locking = No
        oplocks = No
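
The range arithmetic discussed in this thread, as an added example that is not part of the original post: it splits each quoted UID into an autorid range number and reduced RID using the formula from the idmap_autorid man page (ID = reduced RID + low ID + range number * rangesize) and flags any ID outside the configured range. The function names are hypothetical; the range comes from the smb.conf above and the rangesize is the default quoted in the thread.

```python
# Values taken from the smb.conf in the post; 100000 is the autorid
# default rangesize quoted in the thread.
RANGE_LOW, RANGE_HIGH = 1000000, 19999999
RANGESIZE = 100000

# getent-style lines quoted in the thread: the two older mappings first,
# then the two the poster found surprising.
SAMPLE = r"""
TC84\administrator:*:1100500:1100513::/home/administrator@TC84
TC83\administrator:*:1200500:1200513::/home/administrator@TC83
TC84\administrator:*:2000500:2000513::/home/administrator@TC84:/bin/bash
TC83\administrator:*:10000:10000::/home/administrator@TC83:/bin/bash
"""


def decompose(unix_id):
    """Split an ID into (range number, reduced RID), or return None if
    the ID lies outside the configured idmap range."""
    if not RANGE_LOW <= unix_id <= RANGE_HIGH:
        return None
    return divmod(unix_id - RANGE_LOW, RANGESIZE)


def audit(passwd_text):
    """Return (name, uid, decompose(uid)) for each passwd-format line."""
    rows = []
    for line in passwd_text.strip().splitlines():
        fields = line.split(":")
        name, uid = fields[0], int(fields[2])
        rows.append((name, uid, decompose(uid)))
    return rows


if __name__ == "__main__":
    for name, uid, slot in audit(SAMPLE):
        if slot is None:
            print(f"{name} uid={uid}: OUTSIDE {RANGE_LOW}-{RANGE_HIGH}")
        else:
            print(f"{name} uid={uid}: range #{slot[0]}, RID {slot[1]}")
```

Running the same check over `getent passwd` output before and after an upgrade shows whether a domain moved to a different range number, which changes who owns existing files on the member server.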

