[Samba] ID Mapping

Peter Milesson miles at atmos.eu
Thu Nov 5 17:30:40 UTC 2020

On 2020-11-04 23:14, O'Connor, Daniel via samba wrote:
>> On 4 Nov 2020, at 20:19, Rowland penny via samba <samba at lists.samba.org> wrote:
>> On 04/11/2020 00:14, O'Connor, Daniel wrote:
>>> Hmm, you say 'uidNumber' but I have xidNumber:
>>> # editing 1 records
>>> # record 1
>>> dn: CN=S-1-5-21-1638907138-195301586-368347949-3088
>>> cn: S-1-5-21-1638907138-195301586-368347949-3088
>>> objectClass: sidMap
>>> objectSid: S-1-5-21-1638907138-195301586-368347949-3088
>>> type: ID_TYPE_BOTH
>>> xidNumber: 1044
>>> distinguishedName: CN=S-1-5-21-1638907138-195301586-368347949-3088
>> You are looking in the wrong database 😁
>> 'xidNumber'  attributes are only used on an AD DC and found in idmap.ldb, you should be looking in sam.ldb
> This is an AD DC though (it is also the file server)
>> If you want your users to have the same ID everywhere, you must add a unique uidNumber attribute to each user that you want to be visible on Unix, you must also give the Domain Users group a gidNumber attribute. These will override the 'xidNumber' attributes on the DC and you must use the winbind 'ad' backend on Unix domain members.
> This is only a very small office so I'm trying to avoid having a second install just for the AD DC.
> --
> Daniel O'Connor
> "The nice thing about standards is that there
> are so many of them to choose from."
>   -- Andrew Tanenbaum
Hi Daniel,

May I suggest that you setup a virtual machine somewhere in the network 
with just the AD DC and FSMO roles? A 20GB VM with Debian 10 is more 
than sufficient. Also, the operating requirements are really tiny.

I have setup a couple of small domains like that, using RSAT for 
administration (shares, GPOs). Works like a charm. Both the domains are 
similar, a bunch of Windows 10 Pro workstations, and a common Samba file 
server (domain member).

Best regards,


More information about the samba mailing list