Score:0

idmap range on Ubuntu 20.04 (sssd) does not match CentOS 7 winbind idmaps (kinda)

My Active Directory maps in Ubuntu systems are very long compared to my CentOS IDs. The last 4 digits match but Ubuntu seems to be adding a lot more to the beginning.

In CentOS winbind/samba I used a range to get the IDs I needed:

    idmap config * : range = 10000-20000
    idmap config * : backend = tdb
    idmap config MYDOMAIN : default = yes
    idmap config MYDOMAIN : range = 10000-24999999
    idmap config MYDOMAIN : backend = rid

Which would produce an ID like 11695 on CentOS.

Ubuntu 20.04 produces guid/uid of 1558801695, which adds 155880 and removes the leading 1 from 11695.

How can I format Ubuntu's sssd config to give me what I need? All my files and folders are tagged with the CentOS IDs and CentOS does not recognize these longer ones.

I hope I explained this ok.

Thanks :)

Score:0

You are going to want to read up on SSSD's ID Mapping. To duplicate the rid-generated IDs, you will need to set a default domain in SSSD and configure the ID ranges to match.

I believe these SSSD settings will match your samba config:

    ldap_id_mapping = true
    ldap_schema = ad
    ldap_idmap_default_domain_sid = S-1-5-21-REDACTED
    ldap_idmap_range_min = 10000
    ldap_idmap_range_max = 24999999

You will need to get your Active Directory SID for the ldap_idmap_default_domain_sid value. You might be able to get this from the CentOS box with the command net getdomainsid. I have not gotten the related ldap_idmap_default_domain setting to work.

If you are setting up Samba on the Ubuntu server then you can unify the ids by using the idmap_sss backend for Winbind.

When changing id mapping settings in SSSD it is best to completely clear the local cache to see what effect the changes had.

    systemctl stop sssd
    rm /var/lib/sss/{db,mc}/*
    sss_cache -E
    # optionally clear debug logs
    truncate -s 0 /var/log/sssd/*.log
    systemctl start sssd
Ashley Hill
Wow! That worked! All my best. Cheers and Thanks so much.
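
The arithmetic behind the two IDs in this thread, as an added example that is not part of the original question or answer: it splits the Ubuntu ID into SSSD's slice number and the RID, then recomputes it with the answer's range settings and with winbind's rid backend. It assumes SSSD's documented defaults (range 200000 to 2000200000, slice size 200000) and models only RIDs that fit in a domain's first slice; the function names are made up for the illustration.

```python
# Added illustration: models only the first slice of each SSSD domain range.
DEFAULT_RANGE_SIZE = 200000  # SSSD default for ldap_idmap_range_size


def winbind_rid_id(rid, low, high):
    """idmap_rid: ID = RID + low end of the range (base_rid 0)."""
    uid = low + rid
    return uid if uid <= high else None


def sssd_id(rid, slice_no, range_min, range_max, range_size=DEFAULT_RANGE_SIZE):
    """SSSD algorithmic mapping for a RID inside the domain's first slice."""
    slices = (range_max - range_min) // range_size  # only complete slices count
    if not 0 <= slice_no < slices:
        raise ValueError("slice %d outside the %d available" % (slice_no, slices))
    if rid >= range_size:
        return None  # needs a secondary slice, which this example does not model
    return range_min + slice_no * range_size + rid


def sssd_decompose(uid, range_min, range_size=DEFAULT_RANGE_SIZE):
    """Split an SSSD-generated ID back into (slice, RID)."""
    return divmod(uid - range_min, range_size)


def report():
    # Values from the question; 200000 and 2000200000 are SSSD's default range.
    slice_no, rid = sssd_decompose(1558801695, 200000)
    before = sssd_id(rid, slice_no, 200000, 2000200000)
    # Settings from the answer: the default domain SID is pinned to slice 0.
    after = sssd_id(rid, 0, 10000, 24999999)
    return slice_no, rid, before, after, winbind_rid_id(rid, 10000, 24999999)


if __name__ == "__main__":
    print("slice=%d rid=%d default=%s tuned=%s winbind=%s" % report())
```

The "155880" prefix in the question is the slice offset (slice 7793 of 200000 IDs each) plus the default range minimum, and the RID is 1695. For accounts whose RID is 200000 or higher, check the mapping separately, since the function returns None there rather than guess.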