[Samba] Problem with AD & idmap

Adam Thorn alt36 at cam.ac.uk
Thu Mar 3 14:02:48 UTC 2022

On 03/03/2022 13:22, L. van Belle via samba wrote:
> And..  Small side note, this is different per distro.
> cat /etc/adduser.conf |grep UID
> # FIRST_SYSTEM_[GU]ID to LAST_SYSTEM_[GU]ID inclusive is the range for UIDs
> # package, may assume that UIDs less than 100 are unallocated.
> # FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically
> FIRST_UID=1000
> LAST_UID=29999
> So, based on that, (*a Debian Buster server)..
> Try to avoid these system ranges or at least think about these..

One might also have systemd services that make use of "Dynamic Users":


systemd expects to be able to use UIDs in the range 61184–65519 and I 
don't believe that's configurable. Whilst it's OK to use some UIDs in 
that range because (quoting from the above link)...

"You might wonder what happens if you already used UIDs from the 
61184–65519 range on your system for other purposes. systemd should 
handle that mostly fine, as long as that usage is properly registered in 
the user database: when allocating a dynamic user we pick a UID, see if 
it is currently used somehow, and if yes pick a different one, until we 
find a free one. Whether a UID is used right now or not is checked 
through NSS calls"

...if you were to assign most of that UID range to users which NSS will 
say are in use, it might cause problems for your systemd services.


More information about the samba mailing list