samba - Mar 2022 - winbind generates a UID for a group

Hello samba team.

I have an AD DC server and winbind generates a UID for a group, for example
Domain Admins has its GID mapped to a SID and also a UID equal to the GID
mapped to the same SID.

I understand the mapping from GID to SID, but why does it generate a UID
for a group?

Example output of the wbinfo command:

wbinfo --group-info domain\\domain\ admins

Domain\domain admins:x:3000004:

wbinfo --user-info domain\\domain\ admins

Domain\domain admins:x:3000004:3000004::/home/Domain/domain
admins:/bin/false

The output of the commands: wbinfo --gid-to-sid and wbinfo --uid-to-sid
point to the SID of the domain admins group.

This happens with all domain and builtin groups as well.

The server has samba version 4.15.4 installed.

On Wed, 2022-03-09 at 03:01 -0300, Anderson Sampaio Mello via samba
wrote:
> Hello samba team.
> 
> I have an AD DC server and winbind generates a UID for a group, for
> example
> Domain Admins has its GID mapped to a SID and also a UID equal to the
> GID
> mapped to the same SID.
> 
> I understand the mapping from GID to SID, but why does it generate a
> UID
> for a group?
Because, while a group can own things on Windows, a Unix group cannot,
so the group is mapped to a user on a DC, it is known as 'ID_TYPE_BOTH'
> 
> Example output of the wbinfo command:
> 
> wbinfo --group-info domain\\domain\ admins
> 
> Domain\domain admins:x:3000004:
The numbers in the '3000000' range are 'xidNumbers' and are only
found
on Samba AD DCs and unless you sync idmap.ldb between Samba DCs, you
will get different IDs on different DC's

Rowland