Rowland penny
2021-Mar-12 15:33 UTC
[Samba] Samba3 sambaSID calculation from 32-bit uidNumber?
On 12/03/2021 15:02, Harald Hannelius via samba wrote:
> Does anyone know how the sambaSID suffix is calculated when the
> uidNumber is a 32-bit integer?
>
> The formula was $uidNumber * 2 + 1000
>
> When checking our current users, my uid 5xx checks out correct, but
> the ones that are larger than 65536 don't seem to follow that
> calculation.
>
> Thanks,
>
> ? a dinosaur

Sheesh, that is old ?

It was actually '1000 + ($UnixID * 2)' and the result (RID) was appended to the end of the Samba created SID. As the largest Unix ID is 65536 (unless you have changed it), I cannot see how you can have a RID greater than 132072.

Rowland
Harald Hannelius
2021-Mar-12 16:14 UTC
[Samba] Samba3 sambaSID calculation from 32-bit uidNumber?
On Fri, 12 Mar 2021, Rowland penny via samba wrote:
> On 12/03/2021 15:02, Harald Hannelius via samba wrote:
>> Does anyone know how the sambaSID suffix is calculated when the uidNumber
>> is a 32-bit integer?
>>
>> The formula was $uidNumber * 2 + 1000
>>
>> When checking our current users, my uid 5xx checks out correct, but the
>> ones that are larger than 65536 don't seem to follow that calculation.
>>
>> Thanks,
>>
>> ? a dinosaur
>
> Sheesh, that is old ?

Hey! Not *that* old...

> It was actually '1000 + ($UnixID * 2)' and the result (RID) was appended to
> the end of the Samba created SID. As the largest Unix ID is 65536 (unless you
> have changed it), I cannot see how you can have a RID greater than 132072.

Unix (And Linux) systems these days have 32-bit Unix ID numbers. Linux from 2.4 in 2001 I think.

It isn't really an issue. We're shutting down the Samba+LDAP 3.6 domain but still have a service that checks passwords directly from the sambaNTPAssword attribute (freeradius). I don't think it matters what I write into the "MUST" attribute of sambaSID, but I'm curious as always.

It might work as well if we just use the same *2 and + 1000 for 32-bit uidNumbers but my curiosity woke when I noticed that it doesn't match new users.

--
Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
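
An added example, not part of the original thread or of Samba's code: a small audit that recomputes the RID with the formula quoted above, '1000 + ($UnixID * 2)', and lists the accounts whose stored sambaSID suffix does not follow it. The domain SID, the account names and the stored RIDs are constructed sample data, and the function names are hypothetical.

```python
"""Check sambaSID suffixes against the formula from the thread: 1000 + uid * 2."""

RID_BASE = 1000        # offset used in the thread's formula
MAX_RID = 2**32 - 1    # a SID sub-authority is an unsigned 32-bit value


def expected_rid(uid_number, base=RID_BASE):
    """Return the RID the formula yields, or raise if it cannot fit in a SID."""
    if uid_number < 0:
        raise ValueError("uidNumber must be non-negative")
    rid = base + uid_number * 2
    if rid > MAX_RID:
        raise ValueError(f"RID {rid} does not fit in 32 bits")
    return rid


def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain SID, RID as int)."""
    if not sid.startswith("S-1-"):
        raise ValueError(f"not a SID: {sid!r}")
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def audit(entries):
    """Return (uid, stored RID, formula RID or None) for every mismatch."""
    mismatches = []
    for entry in entries:
        _, stored = split_sid(entry["sambaSID"])
        try:
            wanted = expected_rid(entry["uidNumber"])
        except ValueError:
            wanted = None  # formula result is not representable as a RID
        if stored != wanted:
            mismatches.append((entry["uid"], stored, wanted))
    return mismatches


# Constructed sample entries (placeholder domain SID, invented accounts).
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_ENTRIES = [
    {"uid": "alice", "uidNumber": 500, "sambaSID": f"{DOMAIN}-2000"},
    {"uid": "bob", "uidNumber": 70000, "sambaSID": f"{DOMAIN}-3005"},
    {"uid": "carol", "uidNumber": 2147483648, "sambaSID": f"{DOMAIN}-3007"},
]

if __name__ == "__main__":
    for uid, stored, wanted in audit(SAMPLE_ENTRIES):
        print(f"{uid}: stored RID {stored}, formula gives {wanted}")
```

Feeding it the uidNumber and sambaSID attributes exported from the directory shows which accounts were created with the formula and which received their RID some other way.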