[Samba] winbind generates a UID for a group
Rowland Penny
rpenny at samba.org
Wed Mar 9 08:16:23 UTC 2022
On Wed, 2022-03-09 at 03:01 -0300, Anderson Sampaio Mello via samba
wrote:
> Hello samba team.
>
> I have an AD DC server and winbind generates a UID for a group, for
> example
> Domain Admins has its GID mapped to a SID and also a UID equal to the
> GID
> mapped to the same SID.
>
> I understand the mapping from GID to SID, but why does it generate a
> UID
> for a group?
Because, while a group can own things on Windows, a Unix group cannot,
so the group is mapped to a user on a DC, it is known as 'ID_TYPE_BOTH'
>
> Example output of the wbinfo command:
>
> wbinfo --group-info domain\\domain\ admins
>
> Domain\domain admins:x:3000004:
The numbers in the '3000000' range are 'xidNumbers' and are only found
on Samba AD DCs and unless you sync idmap.ldb between Samba DCs, you
will get different IDs on different DC's
Rowland
More information about the samba
mailing list