Hi, I have a Samba 4.11.8 system running as an AD and a file server and I am wondering what sort of ID mapping is done in this situation. I have uidNumber on each user set to use UIDs in the 1000 range but I find that they end up in the 3000000 range instead. Is this a fixable problem, or a result of having the file server and DC as the same machine? Thanks. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum
Am 03.11.20 um 05:38 schrieb O'Connor, Daniel via samba:> Hi, > I have a Samba 4.11.8 system running as an AD and a file server and I am wondering what sort of ID mapping is done in this situation. > > I have uidNumber on each user set to use UIDs in the 1000 range but I find that they end up in the 3000000 range instead. > > Is this a fixable problem, or a result of having the file server and DC as the same machine? > > Thanks.On an DC the mapping starts allway with 3.000.000 you cant change it. That's the reason why you should not use a DC as fileserver> > -- > Daniel O'Connor > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > > >-- Stefan Kania Landweg 13 25693 St. Michaelisdonn Signieren jeder E-Mail hilft Spam zu reduzieren und sch?tzt Ihre Privatsph?re. Ein kostenfreies Zertifikat erhalten Sie unter https://www.dgn.de/dgncert/index.html
On 03/11/2020 08:54, Stefan Kania via samba wrote:> > Am 03.11.20 um 05:38 schrieb O'Connor, Daniel via samba: >> Hi, >> I have a Samba 4.11.8 system running as an AD and a file server and I am wondering what sort of ID mapping is done in this situation. >> >> I have uidNumber on each user set to use UIDs in the 1000 range but I find that they end up in the 3000000 range instead. >> >> Is this a fixable problem, or a result of having the file server and DC as the same machine? >> >> Thanks. > On an DC the mapping starts allway with 3.000.000 you cant change it. > That's the reason why you should not use a DC as fileserverSorry, but that isn't entirely true. On a DC users & groups are mapped to numbers in the '3000000' range via idmap.ldb, but you can override these numbers by giving your users a uidNumber and giving Domain Users a gidNumber. root at dc4:~# getent passwd rowland SAMDOM\rowland:*:10000:10000::/home/SAMDOM/users/rowland:/bin/bash The OP is using numbers in the '1000' range, this is something I wouldn't do, it leaves no space for local Unix users. Rowland
> On 3 Nov 2020, at 19:24, Stefan Kania via samba <samba at lists.samba.org> wrote: > Am 03.11.20 um 05:38 schrieb O'Connor, Daniel via samba: >> Hi, >> I have a Samba 4.11.8 system running as an AD and a file server and I am wondering what sort of ID mapping is done in this situation. >> >> I have uidNumber on each user set to use UIDs in the 1000 range but I find that they end up in the 3000000 range instead. >> >> Is this a fixable problem, or a result of having the file server and DC as the same machine? >> >> Thanks. > On an DC the mapping starts allway with 3.000.000 you cant change it. > That's the reason why you should not use a DC as fileserverOK, it would be nice if that was documented. IMHO just saying "don't do it!" without providing the details of the downsides does make it difficult to make an informed decision about a deployment. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum