[Samba] group 'Domain User' has changed rid in a new server

Rowland Penny rpenny at samba.org
Mon Dec 19 14:47:42 UTC 2022

On 19/12/2022 13:17, Corrado Ravinetto via samba wrote:
> Hi at all
> After many time spent to investigate why my new dm don't enable access to everyone i found the problem: rid assigned to 'Domain user' is changed.
> On old samba server i have 'Domain user' with rid=513, in new server the rid for 'Domain user' is changed and is 110513.
> On each user i have 513 as PrimaryGroup and then i can't access to my new server, how can i change rid on new server ???
Let me guess, you are using the 'rid' idmap backend and you have a line 
similar to this in your smb.conf:

idmap config DOMAIN : range = 110000-???????

Where 'DOMAIN' is your workgroup name.

If so, then that it is how it is supposed to work, the groups (and 
users) ID is calculated from the RID and the low range:

ID = RID + low range

110513 = 513 + 110000

Lots of bad ideas were used in the past, using '513' to identify Domain 
Users was, in my opinion, a bad idea.

The easiest way out of this will be to write a script that checks for 
group ownership and chown any '513' to Domain Users.


More information about the samba mailing list