[Samba] What is the Uid in smbstatus command?

Rowland Penny rpenny at samba.org
Wed May 11 15:47:00 UTC 2022 

On Wed, 2022-05-11 at 16:28 +0100, Rowland Penny via samba wrote:
> On Wed, 2022-05-11 at 15:11 +0000, Jim Brand wrote:
> > There is a problem with your uid, in your smb.conf you posted this:
> > 
> > You are saying that your uid (or ID) is '3578', but :
> > 
> > 3578 != 7880
> > 
> > So where is it coming from ????
> > 
> > 3578 is UID from AD and local on the box.   Our organization
> > requires
> > local userids on all servers(!)  The only time we join AD on Linux
> > is
> > for Samba.
> 
> The smb.conf that you posted in your first post is from a Unix domain
> member. You do not have 'local users' (users in /etc/passwd) that are
> also in AD e.g. you do not have the user 'fred' in /etc/passwd and in
> AD. If you do have the same usernames in both, the local user will be
> used before the AD users and the two users are totally different
> users
> even if they are both called 'fred'.
> > Since our Samba files normally match UID/GID in /etc/passwd, not
> > RID
> > + Offset I assume ' backend = rid' has never worked properly.
> 
> No your understanding of Samba seems to be the problem, you seem to
> be
> treating Samba as a standalone server (which, from your sample
> smb.conf
> , it isn't) and a Unix domain member.
> 
> >   Since we want UIDs to match /etc/passwd I'm going to try again to
> > get Samba working with ad backend.
> 
> If you go down this path (just use the Unix ID's for the uidNumber or
> gidNumber attributes in AD), remove the users from /etc/passwd, you
> will no longer require them.
> 
> 
> > Or we can stick with
> >     security = DOMAIN
> > which gives us the desired behavior.   Only problem is when servers
> > reboot we have to rejoin the domain.   Security = ADS solved that.
> 
> Do not use 'security = DOMAIN', it requires SMBv1 and this will be
> removed from Samba.
> 
> Rowland


Just to prove what I saying is true, I ran a few commands on a Unix
domain member:

First, am I a domain user:

rowland at devstation:~$ wbinfo -u | grep rowland
rowland

Okay, I am a domain user.

Is my username in /etc/passwd:

rowland at devstation:~$ cat /etc/passwd | grep rowland
rowland at devstation:~$

So my name isn't in /etc/passwd, so does the Unix OS know who I am :

rowland at devstation:~$ getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

Yes, it does.

I use the 'ad' idmap backend, but I would get a similar result with the
'autorid' or 'rid' idmap backends (only the numbers would change)
I can log into any of my Unix computers with the same username and
password and I only have to maintain those in one place, not 10, 20, 30
etc places.

Rowland

More information about the samba mailing list