[Samba] Samba3 sambaSID calculation from 32-bit uidNumber?

Harald Hannelius harald+samba at arcada.fi
Fri Mar 12 16:14:06 UTC 2021

On Fri, 12 Mar 2021, Rowland penny via samba wrote:

> On 12/03/2021 15:02, Harald Hannelius via samba wrote:
>> Does anyone know how the sambaSID suffix is calculated when the uidNumber 
>> is a 32-bit integer?
>> The formula was $uidNumber * 2 + 1000
>> When checking our current users, my uid 5xx checks out correct, but the 
>> ones that are larger than 65536 don't seem to follow that calculation.
>> Thanks,
>>   a dinosaur
> Sheesh, that is old 😁

Hey! Not *that* old...

> It was actually '1000 + ($UnixID * 2)' and the result (RID) was appended to 
> the end of the Samba created SID. As the largest Unix ID is 65536 (unless you 
> have changed it), I cannot see how you can have a RID greater than 132072.

Unix (And Linux) systems these days have 32-bit Unix ID numbers. Linux from 
2.4 in 2001 I think.

It isn't really an issue. We're shutting down the Samba+LDAP 3.6 domain but 
still have a service that checks passwords directly from the sambaNTPAssword 
attribute (freeradius).

I don't think it matters what I write into the "MUST" attribute of sambaSID, 
but I'm curious as always. It might work as well if we just use the same *2 
and + 1000 for 32-bit uidNumbers but my curiosity woke when I noticed that 
it doesn't match new users.


Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020

More information about the samba mailing list