Calculate next SID, and why SID already is in base?02 Oct 2006
Today at work I got an error like the following while I tried to add a new user:
ldapsam_add_sam_account: SID 'S-1-5-21-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-3048' already in the base, with samba attributes
I searched the net to find out what the problem was. On some site I found how the SID is calculated:
User-SID: uid*2+sambaAlgorithmicRidBase Group-SID: gid*2+sambaAlgorithmicRidBase+1
My user had uid 1024 so it seemed to fit just right (I guess sambaAlgorithmicRidBase=1000). But why had another user already got the SID 3048, that would mean that another user had uid 1024?… Exactly! :)
Users for Samba is stored in LDAP. I have split my user- and Windows workstaion accounts (which also needs to be Linux users) into different containers named
Computers. When a normal account is created, it only checked for existing uid’s in the
Users-container. Because of this I now have 2 users with the uid 1024 (both Windows workstation account and my newly created user account) and now a SID conflict. I should fix the uid check when adding a new user to also check in the
Computers-container. Hopes this helps some people with similar problems.
Calculate next SID, and why SID already is in base? by Jacob Emcken is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.