[Samba] Numerically large UID issues (I think)

Patrick Goetz pgoetz at math.utexas.edu
Wed Mar 30 12:44:12 UTC 2022

I'm trying to do an Ubuntu 20.04 Samba-only (i.e. no sssd) deployment 
against the University's somewhat Rube Goldberg AD, and am running in to 
issues.  In particular

root at cns-khl-files:/etc# getent passwd pgoetz
root at cns-khl-files:/etc# getent passwd jm88942
root at cns-khl-files:/etc#

So, getent passwd works for me, but not for username jm88942.  Using 

PS C:\Users\cns-pgoetz> get-aduser pgoetz

DistinguishedName : CN=Goetz Patrick G 
Enabled           : True
ObjectClass       : user
ObjectGUID        : 8c30a807-88a1-4e68-8274-6cf88839223b
SamAccountName    : pgoetz
SID               : S-1-5-21-527237240-963894560-725345543-224688

PS C:\Users\cns-pgoetz> get-aduser jm88942

DistinguishedName : CN=XXX 
Enabled           : True
ObjectClass       : user
ObjectGUID        : f3c6665c-eee0-4f00-b514-f4c7a773a86f
SamAccountName    : jm88942
SID               : S-1-5-21-527237240-963894560-725345543-10188858

Notice that my RID is 224688 while jm88942's is numerically larger: 10188858

Here is the RID mapping from smb.conf:

    idmap config * : backend = tdb
    idmap config * : range = 3000-9999
    idmap config AUSTIN : backend = rid
    idmap config AUSTIN : range = 10000000-10999999

I had originally set the base to 1000000, noticed the problem and 
increased the base to 10000000, but this doesn't seem to have helped.

I'm only showing 2 examples, but I've tested a couple of other users 
with the same result.  RIDs < one million work, RIDs > one million don't.

Any ideas?  This is what I get on an sssd-based system:

root at kraken:~# getent passwd jm88942
jm88942:*:255188858:1007000513:McLellan Jason 

I thought sssd used the same RID -> UID mapping system that the Samba 
RID bank end uses, but the math doesn't work out:

   (jm88942) 255188858 - 10188858 = 245000000


root at kraken:~# getent passwd pgoetz
pgoetz:*:1562224688:1007000513:Goetz Patrick G 

   (pgoetz) 1562224688 - 224688 = 1562000000

so apparently not just adding a base value to the user's RID.

I'm hoping to not have to install sssd and spaghettify this system...

More information about the samba mailing list