On 28/06/2019 04:33, Rob Thoman via samba wrote:> Hi,
>
> Not sure if this has been asked before.
>
> When we create new users in our AD box, they get the UIDs in high 30000
> range.
No you don't, you get 'xidNumber' attributes in the
'3000000' range set
in idmap.ldb. These are only used on Samba AD DC's> Is this normal?
Yes> If yes, can we change the starting range?
Not without changing the Samba code ;-)>
> We migrated using ClassicUpgrade, now running Ubuntu 18.04 VM
>
> The smb.conf looks like
>
> workgroup = ADDOM
> realm = ADDOM.COM
> netbios name = WNAD01
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/log.%m
> log level = 1
> winbind nss info = rfc2307
Why have you got the deprecated 'winbind nss-info' line meant for a Unix
domain member in your AD DC smb.conf ?> server services = -dns
>
>
> The samba wiki page says using RSAT(Win10) we cannot modify the Unix
> attributes so cannot confirm or change
You can actually, just not as easy as using the Unix Attributes tab on
earlier versions, You also wouldn't be modifying the Unix attributes,
you would need to add them, they are not added by
default.>
> A sample
> id test123 gives uid=3000015(ADDOM\test123) gid=100(users)
> groups=100(users),3000015(ADDOM\test123)
Try that on a Unix domain member running the winbind 'ad' backend and I
am sure you would get nothing returned.
Rowland