How to force SAMBA to use the specified RID?

A

Anton Teremshonok2015-12-09 22:59:56

Samba

Anton Teremshonok, 2015-12-09 22:59:56

Hello!
Please tell me how to force SAMBA included in the domain to use the specified RID, otherwise local users intersect with domain ones.
I tried to add to the config what Rsa97 recommended ( How to get rid of huge UID and GID values in S... ), but it didn't help.
getent passwd

n.bahareva:*:10384:10000:Бахарева Н:/home/n.bahareva:/bin/bash
m.popov:*:10386:10000:Попов М:/home/m.popov:/bin/bash

Windows SID

S-1-5-21-833212901-2941102506-3986841923-4131
S-1-5-21-833212901-2941102506-3986841923-4132

It is necessary that 10386 , 10000 and others be of a greater value.
The current SAMBA config is 3.6.3 .

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Anton Teremshonok, 2015-12-14
@TerAnYu

It turned out if you comment out
leaving it like this:

idmap config NT AUTHORITY : base_rid = 0
idmap config NT AUTHORITY : range = 1200000-1299999
idmap config NT AUTHORITY : backend = rid

idmap config BUILTIN : base_rid = 0
idmap config BUILTIN : range = 1000000-1099999
idmap config BUILTIN : backend = rid

#idmap config MOVAVI : base_rid = 1000
idmap config MOVAVI : range = 50000-88999
idmap config MOVAVI : backend = rid
idmap config MOVAVI : default = yes

idmap config * : range = 1300000-1999999
idmap config * : backend = rid

The question led me to the idea: https://www.linux.org.ru/forum/admin/11157411

R

Rsa97, 2015-12-10
@Rsa97

You specified in the config that RIDs in the domain start from 50000 (the base_rid parameter), and in the given SIDs the RID values are 4131 and 4132. Accordingly, an error occurs.
rid_backend thinks like this: UID = RID - BASE_RID + LOW_RANGE_ID
If you want, say, the RID range from 1000 to 19999 to be converted to the UID range from 10000 to 28999, then specify

idmap config MOVAVI : base_rid = 1000
idmap config MOVAVI : range = 10000-28999