[Samba] idmap range and xidNumber

Rowland Penny rpenny at samba.org
Sat Feb 29 17:10:30 UTC 2020


On 29/02/2020 16:30, Alexander Kushnirenko wrote:
>
> You are right, this is used on a Unix domain member
I know I am right, I put that in the wiki ;-)
>
> Well, on the DC I see files owned by a Unix user with UID=3000000 in 
> /var/lib/samba/sysvol/, and when I look at the same SYSVOL share from the 
> Windows world I see that the file is owned by the BUILTIN\Administrator 
> user corresponding to SID=S-1-5-32-544
No you don't, look closer, I am sure you will find that there is an 's' 
on the end of 'Administrator', the RID for 'Administrator' is '500'
>
> (For some reason I cannot set the file owner to BUILTIN\Administrator on a 
> Unix domain member share from Windows, though it does not worry me too 
> much)
I would be worried if you could use Administrator on any Samba domain 
machine.
>
> The question is perhaps what Unix users correspond to those BUILTIN users 
> on a Unix domain member, which correspond to the range:
> > idmap config * : range = 3000-7999
> I could not find any.

Ah, read this:

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab

>
> As on the Unix domain member I get:
> UDM# wbinfo -S S-1-5-32-544
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid S-1-5-32-544 to uid
> I should mention that for "ordinary" domain users these commands work 
> in both directions UID <--> SID
Good.
>
> UDM# wbinfo -U 3000
> failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert uid 3000 to sid
That doesn't work for me either and I don't worry about it ;-)
>
> UDM# wbinfo -U 3000000
> failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert uid 3000000 to sid

I would be worried if that did work.

Please post your smb.conf files, I have this feeling you have mistakes 
in them :-(

Rowland



