Web lists-archives.com

Re: [Samba] UID provided by rid idmap is out of the range imposed in smb.cof




Thanks! that was actually the problem

Andrea


Il 2/26/2019 2:19 PM, Rowland Penny via samba ha scritto:
On Tue, 26 Feb 2019 13:57:06 +0100
Andrea Cucciarre' via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello,

I had a problem with Samba winbind id-mapping  on a system that is
part of an AD domain.
In the smb.conf I have the following setting:

idmap config <domain> : backend = rid
idmap config <domain> : range = 1000000-3000000
idmap config <domain> : schema_mode = rfc2307

winbindd was failing to convert some user SID to UID and in the idmap
logs I have the following error:

Requested id (7003151) out of range (1000000 - 3000000). Filtered!

I have fixed the issue by increasing the range to 1000000-10000000.
So it appears that depending on the user SID, the UID generated
automatically by Samba rid could be out of the range imposed in
smb.conf. Is it a bug or I'm just misunderstanding?

No, it isn't a bug, it is how it works, when you use the 'rid' backend
the Unix ID is calculated by this:

ID = RID - BASE_RID + LOW_RANGE_ID

So from the info you provided, it becomes this:

ID = 6003151 + 1000000

ID = 7003151

This is above the high range (3000000) and anything outside the range
is ignored.

It does say here:

https://wiki.samba.org/index.php/Idmap_config_rid

Under the heading: Planning the ID Ranges

The ranges must be continuous and big enough to enable Samba to assign
an ID for every future user and group created in the domain.

It looks like you used the wrong range by not setting the high range
high enough ;-)

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba