[Samba] question about winbind rid idmaping

Rowland penny rpenny at samba.org
Thu Oct 29 11:20:30 UTC 2020

On 29/10/2020 11:04, Andrea Cucciarre' via samba wrote:
> Hello,
> I have just realized that winbind rid idmapping create the following 
> idmapping for user, below an example:
> # id HYPERFILE\\simone
> *uid=11663*(HYPERFILE\simone) gid=10513(HYPERFILE\domain users) 
> groups=10513(HYPERFILE\domain 
> users),*11663*(HYPERFILE\simone),3011(BUILTIN\users)
> I'm confused about group mapping 11663(HYPERFILE\simone), winbind 
> created a mapping for a group that has same name and id as the user, 
> although such group doesn't exist in my AD domain.
> This is causing issue in the ACL module that we are developing.
> Does anybody know why winbind behave that way?


I didn't think it could, the winbind 'rid' calculates the ID from the 
user or group RID and user & group names are unique. This means that you 
cannot have a user with the same name as a group, so you can only have 
one RID.

The only thing that I know that can 'create' usergroups is sssd, so are 
you using this as well ?

I think more info is required here, what OS ? What version of Samba ? 
Please post your smb.conf


More information about the samba mailing list