[Samba] Samba 4.10.6-1 Configuration on AIX

Rowland penny rpenny at samba.org
Thu Feb 13 08:10:50 UTC 2020

On 13/02/2020 06:54, Bob Wyatt wrote:
> Rowland,
> If you were up for another hint at rid versus ad... I'd like to understand a bit more.
> With rid, I map the administrator to root only... no mapping of users in AIX.
> How does Samba figure out that bobw at mydomain.com should use the samba user ID bobwsmb?

It calculates the Unix user or group ID from the objects RID in AD, 
combined with the lower range number set in smb.conf.

For instance, the SID for Domain Admins will be in this format:


The RID is the last set of numbers. For Domain Admins, this is always '512'

The Unix ID is calculated like this:


So, if the lower range number is 10000, this becomes:

ID = 512 + 10000

Which is:

ID = 10512

For more info, read 'man idmap_rid'

> If I use ad, I would use rfc2307 attributes to address that (I think).
If you use idmap_rid and use the same smb.conf on all Unix computers, 
you will get the same Unix ID's everywhere, except on Samba AD DC's. To 
get the same Unix ID's everywhere, including Samba AD DC's, you must use 
idmap_ad and add uidNumber & gidNumber attributes to AD.
> It seems more "specific" to use ad, but that's more from the "having some control" viewpoint than anything else.
> Ideally, the customer would still strive for low administration, so is rid more suited for that approach than ad?
> What are the reasons to use or choose to avoid rid or ad?

Hopefully I have answered that above ;-)


More information about the samba mailing list