[Samba] winbind generates a UID for a group

Kees van Vloten keesvanvloten at gmail.com
Wed Mar 9 08:58:54 UTC 2022

On 09-03-2022 09:16, Rowland Penny via samba wrote:
> On Wed, 2022-03-09 at 03:01 -0300, Anderson Sampaio Mello via samba
> wrote:
>> Hello samba team.
>> I have an AD DC server and winbind generates a UID for a group, for
>> example
>> Domain Admins has its GID mapped to a SID and also a UID equal to the
>> GID
>> mapped to the same SID.
>> I understand the mapping from GID to SID, but why does it generate a
>> UID
>> for a group?
> Because, while a group can own things on Windows, a Unix group cannot,
> so the group is mapped to a user on a DC, it is known as 'ID_TYPE_BOTH'
>> Example output of the wbinfo command:
>> wbinfo --group-info domain\\domain\ admins
>> Domain\domain admins:x:3000004:
> The numbers in the '3000000' range are 'xidNumbers' and are only found
> on Samba AD DCs and unless you sync idmap.ldb between Samba DCs, you
> will get different IDs on different DC's

It worries me that they are different per DC since files on sysvol use 
these IDs.
Is idmap.ldb part of the standard DC-sync or should I put something like 
rsync or osync in place similar to sysvol sync?

> Rowland

More information about the samba mailing list