[Samba] Samba AD-DC using existing user IDs for new machine accounts - idmap.ldb xidNumber

akanator111-smba at yahoo.com akanator111-smba at yahoo.com
Wed Jun 8 14:05:58 UTC 2022

I have an existing NFS share with data from many Linux-only user accounts. Those accounts were all in the 500-1000 user ID range. Now I've tried setting up Samba as an AD-DC and mapping the new users created there to their old user IDs so they have access to their files.

To map those user IDs, I first create a new user on the AD-DC and then edit the idmap.ldb via:
ldbedit -H /var/lib/samba/private/idmap.ldb objectsid=S-1-5-21-19...
... and set the xidNumber to their previous linux user ID. This works fine so far. Files are now owned by the Samba AD user.

Now the problem comes when I'm adding more machines to my AD domain. Samba seemingly gives out IDs for those machine accounts (hostname$) without checking if the ID is already in use by a user account, leading to files suddenly being owned by "hostname$" instead of the user. Manually changing the machine account xidNumber to something else fixes the problem for the moment, but as soon as new hosts join the AD, I can be almost sure it'll choose a user ID out of my user ID range (<1000), messing everything up again.

Does anyone have an idea on how to do this better? Maybe I can configure the range for new user/machine IDs somewhere so it does not intersect with my user ID range?
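The collision described in the post (a machine account handed an xidNumber that a manually remapped user already holds) can be found before it bites by auditing a dump of idmap.ldb. The script below is an added example, not part of the original post and not Samba code: it parses the LDIF that `ldbsearch -H /var/lib/samba/private/idmap.ldb` prints, reports every xidNumber shared by more than one SID, flags machine accounts (names ending in `$`) that sit inside the legacy 500-1000 UID range, and emits the `ldbmodify` LDIF to move each of them to the lowest unused id at or above a pool floor. The SIDs, the SID-to-name map (what `wbinfo --sid-to-name` would return; idmap.ldb itself stores no names) and the pool floor of 3000000 (Samba's default DC allocation range starts there) are all constructed or assumed for the example.

```python
"""Audit a Samba AD DC idmap.ldb LDIF dump for xidNumber collisions (added example)."""
from collections import defaultdict

# Constructed sample in the shape of `ldbsearch -H /var/lib/samba/private/idmap.ldb`
# output; the SIDs are made up. Record 3 (a machine account) reuses UID 501.
SAMPLE_LDIF = """\
# record 1
dn: CN=S-1-5-21-1111111111-2222222222-3333333333-1105
cn: S-1-5-21-1111111111-2222222222-3333333333-1105
objectClass: sidMap
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1105
type: ID_TYPE_BOTH
xidNumber: 501

# record 2
dn: CN=S-1-5-21-1111111111-2222222222-3333333333-1106
cn: S-1-5-21-1111111111-2222222222-3333333333-1106
objectClass: sidMap
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1106
type: ID_TYPE_BOTH
xidNumber: 502

# record 3
dn: CN=S-1-5-21-1111111111-2222222222-3333333333-1201
cn: S-1-5-21-1111111111-2222222222-3333333333-1201
objectClass: sidMap
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1201
type: ID_TYPE_BOTH
xidNumber: 501

# record 4
dn: CN=S-1-5-21-1111111111-2222222222-3333333333-1202
cn: S-1-5-21-1111111111-2222222222-3333333333-1202
objectClass: sidMap
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1202
type: ID_TYPE_BOTH
xidNumber: 3000000

# returned 4 records
"""

# Constructed SID -> name map (what `wbinfo --sid-to-name` would return);
# idmap.ldb does not store account names, so this lookup is needed.
NAMES = {
    "S-1-5-21-1111111111-2222222222-3333333333-1105": "EXAMPLE\\alice",
    "S-1-5-21-1111111111-2222222222-3333333333-1106": "EXAMPLE\\bob",
    "S-1-5-21-1111111111-2222222222-3333333333-1201": "EXAMPLE\\host1$",
    "S-1-5-21-1111111111-2222222222-3333333333-1202": "EXAMPLE\\host2$",
}

USER_RANGE = range(500, 1000)   # legacy Linux UIDs the post wants to keep for users
POOL_FLOOR = 3000000            # assumed floor: Samba's default DC allocation pool


def parse_ldif(text):
    """Return one dict per LDIF record; folds continuation lines, skips '#' comments."""
    records, current, last_attr = [], {}, None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and last_attr:        # continuation of previous value
            current[last_attr] += raw[1:]
            continue
        if not raw.strip():                          # blank line ends a record
            if current:
                records.append(current)
            current, last_attr = {}, None
            continue
        attr, _, value = raw.partition(":")
        current[attr] = value.strip()
        last_attr = attr
    if current:
        records.append(current)
    return records


def find_collisions(records):
    """Map each xidNumber used by more than one SID to the SIDs sharing it."""
    by_xid = defaultdict(list)
    for rec in records:
        by_xid[int(rec["xidNumber"])].append(rec["objectSid"])
    return {xid: sids for xid, sids in by_xid.items() if len(sids) > 1}


def machine_intruders(records, names, reserved=USER_RANGE):
    """SIDs of machine accounts (name ends in '$') whose xidNumber lies in the reserved UID range."""
    return [rec["objectSid"] for rec in records
            if int(rec["xidNumber"]) in reserved
            and names.get(rec["objectSid"], "").endswith("$")]


def next_free_xid(records, floor=POOL_FLOOR):
    """Lowest xidNumber >= floor that no record in the dump uses."""
    used = {int(rec["xidNumber"]) for rec in records}
    xid = floor
    while xid in used:
        xid += 1
    return xid


def relocation_ldif(sid, new_xid):
    """LDIF that `ldbmodify -H idmap.ldb` can apply to move one mapping."""
    return (f"dn: CN={sid}\nchangetype: modify\n"
            f"replace: xidNumber\nxidNumber: {new_xid}\n-\n")


def plan_fix(text, names):
    """Relocate every intruding machine account to the next free pool id; returns (sid, new_xid) pairs."""
    records = parse_ldif(text)
    fixes = []
    for sid in machine_intruders(records, names):
        new_xid = next_free_xid(records)
        fixes.append((sid, new_xid))
        records.append({"objectSid": sid, "xidNumber": str(new_xid)})  # reserve it
    return fixes


if __name__ == "__main__":
    for sid, xid in plan_fix(SAMPLE_LDIF, NAMES):
        print(f"# {NAMES[sid]} -> {xid}\n{relocation_ldif(sid, xid)}")
```

Run it against a real dump by replacing `SAMPLE_LDIF` with the `ldbsearch` output and `NAMES` with `wbinfo` lookups; after applying the generated LDIF with `ldbmodify`, flush winbind's cache with `net cache flush` so the old mapping is not served from cache. The script only audits and relocates existing entries; it does not touch the allocation pool that hands out ids to new machine accounts.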
