LDAP rid attribute in 2.2.3

Ignacio Coupeau icoupeau at unav.es
Wed Feb 6 03:59:01 GMT 2002

Alain RICHARD wrote:
> Looking at the code and samba.schema, I have observed :
> a) that rid attribute is mandatory for users
> b) there is no sambaGroup, so no rid for groups
> c) that rid are derived from uid and gid (rid = 2*uid + 1000 for users, 
> rid=2*gid+1001 for groups
> d) some special groups are identified with their special rid (for 
> example Domain Admins=512)

of course, these accounts requires a well know RID/SID (builtin)

> e) the binding from an ldap user to an "NT" group is done using the 
> primaryGroupID attribute
 > f) it is possible to bind a unix group to be "Domain Admins" using
 > "domain admin group" in smb.conf

you can perform group maping in the HEAD 
(samba/docs/textdocs/GROUP-MAPPING-HOWTO.txt) and in the SAMBA_2_2 
perhaps (I don't tested it) with a trick 

> g) the "smbpasswd -a" command add samba attributes to an existing 
> posixAccount. Doing so, it adds an rid of 0 to a user and not (2*uid+1000)

in HEAD or in SAMBA_2_2 branche?

I tested the SAMBA_2_2 and the rid runs fine:
> uid: 111111
> rid: 2038
> primaryGroupID: 1001


Ignacio Coupeau, Ph.D.     e-mail: icoupeau at unav.es
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN            http://www.unav.es/cti/

More information about the samba-technical mailing list