[Samba] Numerically large UID issues (I think)

Patrick Goetz pgoetz at math.utexas.edu
Wed Mar 30 15:39:39 UTC 2022


Thanks, Roland -  that was the problem.

They've generated over 12 million RIDs with over 32,000 in the last 
month alone.  I went with

    idmap config AUSTIN : range = 10000000-40000000

as this server is likely going to be in production for a long time.

On 3/30/22 08:34, Rowland Penny via samba wrote:
> On Wed, 2022-03-30 at 07:44 -0500, Patrick Goetz via samba wrote:
>> I'm trying to do an Ubuntu 20.04 Samba-only (i.e. no sssd)
>> deployment
>> against the University's somewhat Rube Goldberg AD, and am running in
>> to
>> issues.  In particular
>>
>> root at cns-khl-files:/etc# getent passwd pgoetz
>> pgoetz:*:10224688:10000513::/home/pgoetz:/bin/bash
>> root at cns-khl-files:/etc# getent passwd jm88942
>> root at cns-khl-files:/etc#
>>
>> So, getent passwd works for me, but not for username jm88942.  Using
>> Powershell:
>>
>> ------------------------------------------
>> PS C:\Users\cns-pgoetz> get-aduser pgoetz
>>
>> DistinguishedName : CN=Goetz Patrick G
>> (pgoetz),OU=Austinites,OU=People,DC=austin,DC=utexas,DC=edu
>> Enabled           : True
>> ObjectClass       : user
>> ObjectGUID        : 8c30a807-88a1-4e68-8274-6cf88839223b
>> SamAccountName    : pgoetz
>> SID               : S-1-5-21-527237240-963894560-725345543-224688
>>
>>
>> PS C:\Users\cns-pgoetz> get-aduser jm88942
>>
>> DistinguishedName : CN=XXX
>> (jm88942),OU=Austinites,OU=People,DC=austin,DC=utexas,DC=edu
>> Enabled           : True
>> ObjectClass       : user
>> ObjectGUID        : f3c6665c-eee0-4f00-b514-f4c7a773a86f
>> SamAccountName    : jm88942
>> SID               : S-1-5-21-527237240-963894560-725345543-10188858
>> ------------------------------------------
>>
>> Notice that my RID is 224688 while jm88942's is numerically larger:
>> 10188858
>>
>> Here is the RID mapping from smb.conf:
>>
>>      idmap config * : backend = tdb
>>      idmap config * : range = 3000-9999
>>      idmap config AUSTIN : backend = rid
>>      idmap config AUSTIN : range = 10000000-10999999
>>
>> I had originally set the base to 1000000, noticed the problem and
>> increased the base to 10000000, but this doesn't seem to have helped.
> 
> Sorry but that will not help, you should have raised the high range.
> The rid idmap backend uses this calculation:
> 
> ID = RID - BASE_RID + LOW_RANGE_ID
> 
> The BASE_RID is 0 unless you set it in smb.conf, so that becomes:
> 
> ID = RID + LOW_RANGE_ID
> 
> Which in your case is:
> 
> 11188858 = 10188858 + 1000000
> 
> And '11188858' is larger than your high range '10999999'. This means it
> will be ignored, just add a '9' to the end of your high range (and put
> the low range back to what it was.
> 
> Rowland
> 
> 
> 



More information about the samba mailing list