[Samba] idmap config - no more ids left

Reischl, Christian christian.reischl at ivv.fraunhofer.de
Wed Feb 23 20:45:47 UTC 2022


I'm using Samba 4.13.13+dfsg-1~deb11u2 and Winbind on three servers running Debian 11. They're joined to a 2019 Windows domain using the rid idmap backend. It worked well for many years, but now I have run out of IDs for mapping users.

My config looks like this:
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config DOMAIN1 : backend = rid
idmap config DOMAIN1 : range = 10000-49999
idmap config DOMAIN2 : backend = rid
idmap config DOMAIN2 : range = 50000-99999
idmap config DOMAIN3 : backend = rid
idmap config DOMAIN3 : range = 100000-149999

DOMAIN1 has too many ids to fit in the configured range. Newly created users cannot access the shares.

"wbinfo -u | grep test" lists my new test user just fine: DOMAIN1\test
'wbinfo -i "DOMAIN1\test"' only states: Could not get info for user DOMAIN1\test
result of "wbinfo -S xxx": Could not convert sid xxx to uid

All commands complete successfully using older user accounts.

Is there a way to increase the range without messing up the file permissions?

Kind regards,
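
Added example, not part of the original message and not Samba's own code: a Python sketch of the mapping documented for idmap_rid (ID = RID - BASE_RID + LOW_RANGE_VALUE), applied to the ranges quoted above to show which RIDs a range can hold and whether a widened DOMAIN1 range would intersect another domain's range. It assumes base_rid is left at 0; the RID values and the widened range are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed input: the idmap lines quoted in the message above.
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config DOMAIN1 : backend = rid
idmap config DOMAIN1 : range = 10000-49999
idmap config DOMAIN2 : backend = rid
idmap config DOMAIN2 : range = 50000-99999
idmap config DOMAIN3 : backend = rid
idmap config DOMAIN3 : range = 100000-149999
"""
LINE = re.compile(r"idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(\S+)")

def parse_idmap(text):
    """Return {domain: {"backend": str, "range": (low, high)}}."""
    domains = {}
    for domain, key, value in LINE.findall(text):
        entry = domains.setdefault(domain, {})
        if key == "range":
            entry["range"] = tuple(int(x) for x in value.split("-"))
        else:
            entry[key] = value
    return domains

def rid_to_id(rid, id_range, base_rid=0):
    """ID = RID - BASE_RID + LOW_RANGE_VALUE; None when it falls outside the range."""
    low, high = id_range
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def max_rid(id_range, base_rid=0):
    """Largest RID the configured range can still map."""
    return id_range[1] - id_range[0] + base_rid

def overlaps(domains):
    """Every pair of domains whose ID ranges intersect."""
    return [(a, b) for a, b in combinations(sorted(domains), 2)
            if domains[a]["range"][0] <= domains[b]["range"][1]
            and domains[b]["range"][0] <= domains[a]["range"][1]]

if __name__ == "__main__":
    conf = parse_idmap(SMB_CONF)
    print("highest RID DOMAIN1 can map:", max_rid(conf["DOMAIN1"]["range"]))
    print("RID 45000 ->", rid_to_id(45000, conf["DOMAIN1"]["range"]))
    conf["DOMAIN1"]["range"] = (10000, 59999)  # hypothetical widened upper bound
    print("overlaps after widening:", overlaps(conf))
```

Because the computed ID depends only on the RID and the low end of the range, the check makes visible that the upper bound, not the low bound, is what limits new accounts here, and that DOMAIN1's neighbour starts at 50000.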
