samba - Mar 2022 - Numerically large UID issues (I think)

I'm trying to do an Ubuntu 20.04 Samba-only (i.e. no sssd) deployment 
against the University's somewhat Rube Goldberg AD, and am running in to 
issues.  In particular

root at cns-khl-files:/etc# getent passwd pgoetz
pgoetz:*:10224688:10000513::/home/pgoetz:/bin/bash
root at cns-khl-files:/etc# getent passwd jm88942
root at cns-khl-files:/etc#

So, getent passwd works for me, but not for username jm88942.  Using 
Powershell:

------------------------------------------
PS C:\Users\cns-pgoetz> get-aduser pgoetz

DistinguishedName : CN=Goetz Patrick G 
(pgoetz),OU=Austinites,OU=People,DC=austin,DC=utexas,DC=edu
Enabled           : True
ObjectClass       : user
ObjectGUID        : 8c30a807-88a1-4e68-8274-6cf88839223b
SamAccountName    : pgoetz
SID               : S-1-5-21-527237240-963894560-725345543-224688


PS C:\Users\cns-pgoetz> get-aduser jm88942

DistinguishedName : CN=XXX 
(jm88942),OU=Austinites,OU=People,DC=austin,DC=utexas,DC=edu
Enabled           : True
ObjectClass       : user
ObjectGUID        : f3c6665c-eee0-4f00-b514-f4c7a773a86f
SamAccountName    : jm88942
SID               : S-1-5-21-527237240-963894560-725345543-10188858
------------------------------------------

Notice that my RID is 224688 while jm88942's is numerically larger: 10188858

Here is the RID mapping from smb.conf:

    idmap config * : backend = tdb
    idmap config * : range = 3000-9999
    idmap config AUSTIN : backend = rid
    idmap config AUSTIN : range = 10000000-10999999

I had originally set the base to 1000000, noticed the problem and 
increased the base to 10000000, but this doesn't seem to have helped.

I'm only showing 2 examples, but I've tested a couple of other users 
with the same result.  RIDs < one million work, RIDs > one million
don't.

Any ideas?  This is what I get on an sssd-based system:

root at kraken:~# getent passwd jm88942
jm88942:*:255188858:1007000513:McLellan Jason 
(jm88942):/home/jm88942:/bin/bash

I thought sssd used the same RID -> UID mapping system that the Samba 
RID bank end uses, but the math doesn't work out:

   (jm88942) 255188858 - 10188858 = 245000000

However,

root at kraken:~# getent passwd pgoetz
pgoetz:*:1562224688:1007000513:Goetz Patrick G 
(pgoetz):/home/pgoetz:/bin/bash

   (pgoetz) 1562224688 - 224688 = 1562000000

so apparently not just adding a base value to the user's RID.

I'm hoping to not have to install sssd and spaghettify this system...

On Wed, 2022-03-30 at 07:44 -0500, Patrick Goetz via samba
wrote:
> I'm trying to do an Ubuntu 20.04 Samba-only (i.e. no sssd)
> deployment 
> against the University's somewhat Rube Goldberg AD, and am running in
> to 
> issues.  In particular
> 
> root at cns-khl-files:/etc# getent passwd pgoetz
> pgoetz:*:10224688:10000513::/home/pgoetz:/bin/bash
> root at cns-khl-files:/etc# getent passwd jm88942
> root at cns-khl-files:/etc#
> 
> So, getent passwd works for me, but not for username jm88942.  Using 
> Powershell:
> 
> ------------------------------------------
> PS C:\Users\cns-pgoetz> get-aduser pgoetz
> 
> DistinguishedName : CN=Goetz Patrick G 
> (pgoetz),OU=Austinites,OU=People,DC=austin,DC=utexas,DC=edu
> Enabled           : True
> ObjectClass       : user
> ObjectGUID        : 8c30a807-88a1-4e68-8274-6cf88839223b
> SamAccountName    : pgoetz
> SID               : S-1-5-21-527237240-963894560-725345543-224688
> 
> 
> PS C:\Users\cns-pgoetz> get-aduser jm88942
> 
> DistinguishedName : CN=XXX 
> (jm88942),OU=Austinites,OU=People,DC=austin,DC=utexas,DC=edu
> Enabled           : True
> ObjectClass       : user
> ObjectGUID        : f3c6665c-eee0-4f00-b514-f4c7a773a86f
> SamAccountName    : jm88942
> SID               : S-1-5-21-527237240-963894560-725345543-10188858
> ------------------------------------------
> 
> Notice that my RID is 224688 while jm88942's is numerically larger:
> 10188858
> 
> Here is the RID mapping from smb.conf:
> 
>     idmap config * : backend = tdb
>     idmap config * : range = 3000-9999
>     idmap config AUSTIN : backend = rid
>     idmap config AUSTIN : range = 10000000-10999999
> 
> I had originally set the base to 1000000, noticed the problem and 
> increased the base to 10000000, but this doesn't seem to have helped.
Sorry but that will not help, you should have raised the high range.
The rid idmap backend uses this calculation:

ID = RID - BASE_RID + LOW_RANGE_ID

The BASE_RID is 0 unless you set it in smb.conf, so that becomes:

ID = RID + LOW_RANGE_ID

Which in your case is:

11188858 = 10188858 + 1000000

And '11188858' is larger than your high range '10999999'. This
means it
will be ignored, just add a '9' to the end of your high range (and put
the low range back to what it was.

Rowland