[Samba] List of users seems truncated or incomplete in file server member of an Active Directory Domain
rpenny at samba.org
Mon Mar 15 15:31:18 UTC 2021
On 15/03/2021 15:12, David PAUGAM via samba wrote:
> Hello all, Rowland,
> thank you again for your help.
> It's now resolved.
> The cause was the difference between the ID range in Active Directory,
> which was high for the last accounts, and the range of the rid backend.
> Rid backend was set up to deliver RID numbers from 10 000 to 999 999
> And in Active Directory, the RID range is up to 3 200 000 . I don't
> know why it's so high, as I'm not the AD Admin.
i mentioned that in my second reply to this thread, I sort of expected
you to check 😁
As for why the RID's are so high, you could have over 3 million users,
groups etc, or you could have a lot of DC's that are replaced regularly
(you get a new rid pool on each new DC).
> So, I changed the smb.conf to
> idmap config MYDOM : backend = rid
> idmap config MYDOM : range = 10000-99999999
> And all the accounts are now available!
> Is there any risk of that high numbers?
Just as long as they are unique, then no.
More information about the samba