[Samba] Problems with groups, minimum gidnumber?

Rowland penny rpenny at samba.org
Fri May 15 15:48:29 UTC 2020

On 15/05/2020 16:33, Harald Hannelius wrote:
> If there's a way to copy the sambaNTPassword password-hash from the 
> LDAP for the Samba 3 DC with samba-tool I would have loved to find 
> that information long ago :)
Why do you need the sambaNTPassword ?
> So the "idmap config sad:range" is for both uid's and gid's? There's 
> no separate range for gid's?
No, they both use the same range.
> I have read these, and followed the instructions. What I don't 
> understand is why one user uid 510, gid 100 works with all groups and 
> another user with uid 527, gid 100 doesn't.
> What isn't clear is are really uid's and gid's in the same number 
> space in Samba? What if a user has the same uid as a group's gid?
Because the user or group object in AD has a unique SID, this is what 
counts for authentication.

As in most cases, it looks like you might have been better off creating 
a totally new AD domain with new Unix UID & GID numbers, this would have 
allowed you to get away for the big mistake that was made with NT4-style 
domains, using the RID as the Unix ID.


More information about the samba mailing list