[Samba] idmap range and xidNumber
Rowland penny
rpenny at samba.org
Sat Feb 29 17:10:30 UTC 2020
On 29/02/2020 16:30, Alexander Kushnirenko wrote:
>
> You are right, this is used on Unix domain member
I know I am right, I put that in the wiki ;-)
>
> Well on DC I see files owned by unix user with UID=3000000 in
> /var/lib/samba/sysvol/, and when I look on the same SYSVOL share from
> windows world I see that the file is owned by BUILTIN\Administrator
> user corresponding to SID=S-1-5-32-544
No you don't, look closer, I am sure you will find that there is an 's'
on the end of 'Administrator', the RID for 'Administrator is '500'
>
> (For some reason I can not set flie owner to BUILTIN\Administrator on
> Unix Domain member share from windows, though it does not worry me too
> much)
I would be worried if you could use Administrator on any Samba domain
machine.
>
> The question perhaps what Unix users correspond to those BUILTIN users
> on unix domain member which correspond to range:
> > idmap config * : range = 3000-7999
> I could not find any.
Ah, read this:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab
>
> As on unix domain member I get:
> UDM# wbinfo -S S-1-5-32-544
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid S-1-5-32-544 to uid
> I shoud mention that for "oridinary" domain users this commands work
> in both directions UID <--> SID
Good.
>
> UDM# wbinfo -U 3000
> failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert uid 3000 to sid
That doesn't work for me either and I don't worry about it ;-)
>
> UDM# wbinfo -U 3000000
> failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert uid 3000000 to sid
I would be worried if that did work.
Please post your smb.conf files, I have this feeling you have mistakes
in them :-(
Rowland
More information about the samba
mailing list