On 03/11/2020 08:54, Stefan Kania via samba wrote:
>
> On 03.11.20 at 05:38, O'Connor, Daniel via samba wrote:
>> Hi,
>> I have a Samba 4.11.8 system running as an AD and a file server and I am wondering what sort of ID mapping is done in this situation.
>>
>> I have uidNumber on each user set to use UIDs in the 1000 range but I find that they end up in the 3000000 range instead.
>>
>> Is this a fixable problem, or a result of having the file server and DC as the same machine?
>>
>> Thanks.
> On a DC the mapping always starts with 3.000.000, you can't change it.
> That's the reason why you should not use a DC as fileserver

Sorry, but that isn't entirely true. On a DC users & groups are mapped to numbers in the '3000000' range via idmap.ldb, but you can override these numbers by giving your users a uidNumber and giving Domain Users a gidNumber.

root@dc4:~# getent passwd rowland
SAMDOM\rowland:*:10000:10000::/home/SAMDOM/users/rowland:/bin/bash

The OP is using numbers in the '1000' range, this is something I wouldn't do, it leaves no space for local Unix users.

Rowland

> On 3 Nov 2020, at 19:55, Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 03/11/2020 08:54, Stefan Kania via samba wrote:
>>
>> On 03.11.20 at 05:38, O'Connor, Daniel via samba wrote:
>>> Hi,
>>> I have a Samba 4.11.8 system running as an AD and a file server and I am wondering what sort of ID mapping is done in this situation.
>>>
>>> I have uidNumber on each user set to use UIDs in the 1000 range but I find that they end up in the 3000000 range instead.
>>>
>>> Is this a fixable problem, or a result of having the file server and DC as the same machine?
>>>
>>> Thanks.
>> On a DC the mapping always starts with 3.000.000, you can't change it.
>> That's the reason why you should not use a DC as fileserver
>
> Sorry, but that isn't entirely true. On a DC users & groups are mapped to numbers in the '3000000' range via idmap.ldb, but you can override these numbers by giving your users a uidNumber and giving Domain Users a gidNumber.
>
> root@dc4:~# getent passwd rowland
> SAMDOM\rowland:*:10000:10000::/home/SAMDOM/users/rowland:/bin/bash

I tried setting uidNumber et al via the active directory editor and samba-ldbedit, however the mapping doesn't seem to change so I am wondering if it ends up stored somewhere else in the AD case.

> The OP is using numbers in the '1000' range, this is something I wouldn't do, it leaves no space for local Unix users.

These were migrated from an old (Samba 3 era) install, so it's vintage now ;)

--
Daniel O'Connor
"The nice thing about standards is that there are so many of them to choose from."
 -- Andrew Tanenbaum

On 03/11/2020 12:17, O'Connor, Daniel wrote:
> I tried setting uidNumber et al via the active directory editor and samba-ldbedit, however the mapping doesn't seem to change so I am wondering if it ends up stored somewhere else in the AD case.

Did you give 'Domain Users' a gidNumber? Without this, the uidNumber attributes are ignored.

>
>> The OP is using numbers in the '1000' range, this is something I wouldn't do, it leaves no space for local Unix users.
> These were migrated from an old (Samba 3 era) install, so it's vintage now ;)
>

That is just about the only reason to use them and even then I would think hard about setting up a new domain.

Rowland
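
An added example, not part of the thread and not Samba's own tooling: a Python check over LDIF text (for instance saved ldbsearch output) for the two conditions discussed above, a gidNumber on Domain Users and uidNumber values clear of the local account range. The sample records, the function names and the 9999 cut-off are assumptions made for the example.

```python
LOCAL_ID_MAX = 9999  # assumption: IDs up to 9999 are reserved for local Unix accounts

# Constructed sample records, not taken from a real directory.
SAMPLE_LDIF = """\
dn: CN=Domain Users,CN=Users,DC=samdom,DC=example,DC=com
objectClass: group
sAMAccountName: Domain Users

dn: CN=rowland,CN=Users,DC=samdom,DC=example,DC=com
objectClass: user
sAMAccountName: rowland
uidNumber: 10000

dn: CN=daniel,CN=Users,DC=samdom,DC=example,DC=com
objectClass: user
sAMAccountName: daniel
uidNumber: 1001
"""

def parse_ldif(text):
    """Return one dict per record: lower-cased attribute name -> list of values."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            # Skip comment lines and folded (continuation) lines.
            if line[:1] not in ("#", " ") and ": " in line:
                key, value = line.split(": ", 1)
                rec.setdefault(key.lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def audit(text, local_id_max=LOCAL_ID_MAX):
    """List the mapping problems raised in the thread for the given LDIF."""
    by_name = {r["samaccountname"][0]: r for r in parse_ldif(text) if "samaccountname" in r}
    findings = []
    if "gidnumber" not in by_name.get("Domain Users", {}):
        findings.append("Domain Users: no gidNumber, so uidNumber values are ignored")
    for name, rec in by_name.items():
        if "user" not in rec.get("objectclass", []):
            continue
        if "uidnumber" not in rec:
            findings.append(f"{name}: no uidNumber, ID comes from idmap.ldb")
        elif int(rec["uidnumber"][0]) <= local_id_max:
            findings.append(f"{name}: uidNumber {rec['uidnumber'][0]} overlaps the local range")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LDIF)))
```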