Re: [Samba] UID provided by rid idmap is out of the range imposed in smb.cof
- Date: Tue, 26 Feb 2019 13:19:19 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] UID provided by rid idmap is out of the range imposed in smb.cof
On Tue, 26 Feb 2019 13:57:06 +0100
Andrea Cucciarre' via samba <samba@xxxxxxxxxxxxxxx> wrote:
> I had a problem with Samba winbind id-mapping on a system that is
> part of an AD domain.
> In the smb.conf I have the following setting:
> idmap config <domain> : backend = rid
> idmap config <domain> : range = 1000000-3000000
> idmap config <domain> : schema_mode = rfc2307
> winbindd was failing to convert some user SID to UID and in the idmap
> logs I have the following error:
> Requested id (7003151) out of range (1000000 - 3000000). Filtered!
> I have fixed the issue by increasing the range to 1000000-10000000.
> So it appears that depending on the user SID, the UID generated
> automatically by Samba rid could be out of the range imposed in
> smb.conf. Is it a bug or I'm just misunderstanding?
No, it isn't a bug, it is how it works, when you use the 'rid' backend
the Unix ID is calculated by this:
ID = RID - BASE_RID + LOW_RANGE_ID
So from the info you provided, it becomes this:
ID = 6003151 + 1000000
ID = 7003151
This is above the high range (3000000) and anything outside the range
It does say here:
Under the heading: Planning the ID Ranges
The ranges must be continuous and big enough to enable Samba to assign
an ID for every future user and group created in the domain.
It looks like you used the wrong range by not setting the high range
high enough ;-)
To unsubscribe from this list go to the following URL and read the