[Samba] idmap range and xidNumber
Alexander Kushnirenko
kushnirenko at gmail.com
Sat Feb 29 14:15:19 UTC 2020
Hello,
There recommended range in Samba4 share for BUILTIN users is usually (from
Samba wiki)
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 3000-7999
but if we check for BUIlTIN\administrators in idmap.tdb on PDC we have
# record 59
dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000
distinguishedName: CN=S-1-5-32-544
So xidNumber is our of idmap range.
Does this mean that the domain is minconfigured?
Alexander
More information about the samba
mailing list