[Samba] Samba3 sambaSID calculation from 32-bit uidNumber?
Rowland penny
rpenny at samba.org
Fri Mar 12 16:35:36 UTC 2021
On 12/03/2021 16:14, Harald Hannelius wrote:
>
> On Fri, 12 Mar 2021, Rowland penny via samba wrote:
>
>> On 12/03/2021 15:02, Harald Hannelius via samba wrote:
>>>
>>>
>>> Does anyone know how the sambaSID suffix is calculated when the
>>> uidNumber is a 32-bit integer?
>>>
>>> The formula was $uidNumber * 2 + 1000
>>>
>>> When checking our current users, my uid 5xx checks out correct, but
>>> the ones that are larger than 65536 don't seem to follow that
>>> calculation.
>>>
>>> Thanks,
>>>
>>> a dinosaur
>>>
>>
>> Sheesh, that is old 😁
>
> Hey! Not *that* old...
>
>> It was actually '1000 + ($UnixID * 2)' and the result (RID) was
>> appended to the end of the Samba created SID. As the largest Unix ID
>> is 65536 (unless you have changed it), I cannot see how you can have
>> a RID greater than 132072.
>
> Unix (And Linux) systems these days have 32-bit Unix ID numbers. Linux
> from 2.4 in 2001 I think.
They might have, but (on Debian):
grep '^UID_MAX' /etc/login.defs | awk '{print $NF}'
produces:
60000
>
> It isn't really an issue. We're shutting down the Samba+LDAP 3.6
> domain but still have a service that checks passwords directly from
> the sambaNTPAssword attribute (freeradius).
Wise decision, everything about that has 'INSECURE' written all over it 😂
>
> I don't think it matters what I write into the "MUST" attribute of
> sambaSID, but I'm curious as always. It might work as well if we just
> use the same *2 and + 1000 for 32-bit uidNumbers but my curiosity woke
> when I noticed that it doesn't match new users.
>
Yes, it shouldn't matter, but if you are scripting user & group
creation, then the method shouldn't have changed.
Rowland
More information about the samba
mailing list