[Samba] Concern about 3.0.22->3.0.23b upgrade (algorithmic SIDs issue)

Gerald (Jerry) Carter jerry at samba.org
Fri Aug 25 13:04:42 GMT 2006



Michael,

> The WHATSNEW file says that the method of mapping 
> unix-native uids and gids to SIDs has changed since 3.0.22.
> As I read this, this would imply that upgrading Samba
> will cause much breakage because domain users will no
> longer be able to access files they saved on their 
> own harddisks.
> 
> The obvious way to fix this is to insert explicit 
> mappings to the (now legacy) algorithmic SIDs into Samba.
> But while it is possible to do this with the "net
> groupmap" command for gids, there's no "net usermap"
> command to do it with uids.  And the user IDs are
> the bulk of the problem.

I would recommend a couple of things:

(a) Use a test server.  The 3.0.23 series has some
aggressive changes wrt users and groups.

(b) Get the proposed 3.0.23c upgrade patch for 3.0.23b from
http://samba.org/~jerry/patches/patch-3.0.23b-3.0.23c-gwc-1.diffs.gz
This fixes several issues with standalone servers, domain
controllers, and local users on member servers.

Now a few comments:

If you are running a member server and using winbindd,
the SID allocation for domain users and groups does not
change.

You can use "net groupmap" to set up SIDs for groups
and 'pdbedit -a' to add users to the passdb (which
will give them an explicit SID in the machine's domain).





cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
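
Added example, not part of the original message and not Samba's own code: before upgrading a test server, it helps to list the legacy algorithmic SIDs that existing file ACLs may reference, so they can be compared with the SIDs reported after the upgrade. The sketch assumes the historical mapping (user RID = uid*2 + base, group RID = gid*2 + base + 1, with `algorithmic rid base` at its default of 1000); the domain SID, sample accounts and function names are constructed for illustration.

```python
# Assumed legacy mapping (not stated in the message above):
#   user RID  = uid * 2 + rid_base
#   group RID = gid * 2 + rid_base + 1
# rid_base corresponds to smb.conf "algorithmic rid base" (default 1000).

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed placeholder

# Constructed sample input in /etc/passwd and /etc/group format.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:100:Alice:/home/alice:/bin/bash
bob:x:1002:100:Bob:/home/bob:/bin/bash
"""
GROUP = """\
users:x:100:alice,bob
staff:x:50:alice
"""

def legacy_rid(unix_id, is_group, rid_base=1000):
    """Return the legacy algorithmic RID: users even, groups odd."""
    if unix_id < 0:
        raise ValueError("Unix ids are non-negative")
    rid = unix_id * 2 + rid_base + (1 if is_group else 0)
    if rid > 0xFFFFFFFF:
        raise ValueError("RID does not fit in 32 bits")
    return rid

def parse_ids(text):
    """Return (name, id) pairs; the numeric id is the third colon field."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip comments, blank lines and malformed entries.
        if line.startswith("#") or len(fields) < 3 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries

def legacy_sid_map(passwd_text, group_text, domain_sid=DOMAIN_SID, rid_base=1000):
    """Map ("user"|"group", name) to the SID the old algorithm would produce."""
    mapping = {}
    for is_group, text in ((False, passwd_text), (True, group_text)):
        kind = "group" if is_group else "user"
        for name, unix_id in parse_ids(text):
            rid = legacy_rid(unix_id, is_group, rid_base)
            mapping[(kind, name)] = f"{domain_sid}-{rid}"
    return mapping

if __name__ == "__main__":
    for (kind, name), sid in sorted(legacy_sid_map(PASSWD, GROUP).items()):
        print(f"{kind:5} {name:8} {sid}")
```

On a real server, feed it the output of `getent passwd` and `getent group` and substitute the machine's or domain's actual SID.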

