[Samba] ID Mapping

O'Connor, Daniel darius at dons.net.au
Tue Nov 3 12:17:10 UTC 2020

> On 3 Nov 2020, at 19:55, Rowland penny via samba <samba at lists.samba.org> wrote:
> On 03/11/2020 08:54, Stefan Kania via samba wrote:
>> Am 03.11.20 um 05:38 schrieb O'Connor, Daniel via samba:
>>> Hi,
>>> I have a Samba 4.11.8 system running as an AD and a file server and I am wondering what sort of ID mapping is done in this situation.
>>> I have uidNumber on each user set to use UIDs in the 1000 range but I find that they end up in the 3000000 range instead.
>>> Is this a fixable problem, or a result of having the file server and DC as the same machine?
>>> Thanks.
>> On an DC the mapping starts allway with 3.000.000 you cant change it.
>> That's the reason why you should not use a DC as fileserver
> Sorry, but that isn't entirely true. On a DC users & groups are mapped to numbers in the '3000000' range via idmap.ldb, but you can override these numbers by giving your users a uidNumber and giving Domain Users a gidNumber.
> root at dc4:~# getent passwd rowland
> SAMDOM\rowland:*:10000:10000::/home/SAMDOM/users/rowland:/bin/bash

I tried setting uidNumber et al via the active directory editor and samba-ldbedit, however the mapping doesn't seem to change so I am wondering if it ends up stored somewhere else in the AD case.

> The OP is using numbers in the '1000' range, this is something I wouldn't do, it leaves no space for local Unix users.

These were migrated from an old (Samba 3 era) install, so it's vintage now ;)

Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
 -- Andrew Tanenbaum

More information about the samba mailing list