What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-
4058748110-
895691256-
3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-
984165912-
589366285-
3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-
984165912-
589366285-
3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 16 17:04:53 UTC 2022 on sn-devel-184
and the corresponding map is discarded. It is
intended as a way to avoid accidental UID/GID
overlaps between local and remotely defined
- IDs.
+ IDs. Note that the range should be a multiple
+ of the rangesize and needs to be at least twice
+ as large in order to have sufficient id range
+ space for the mandatory BUILTIN domain.
+ With a default rangesize of 100000 the range
+ needs to span at least 200000.
+ This would be: range = 100000 - 299999.
</para></listitem>
</varlistentry>
projects / thirdparty / samba.git / commitdiff
