Samba-HOWTO-Collection-- some comments/questions on chapter 11 and 12

Hansjoerg Maurer Hansjoerg.Maurer at
Wed Jul 16 07:20:22 GMT 2003


First of all thank you very much, for your great Samba-Howto-Collection.
It helps very much in configuring samba and understanding the background.
When reading chapter 11 and 12, I had some questions (from my point of 
view as a non-expert).
If the answers are not too complicated, and if you think the 
questions/comments are useful, maybe you can include them.

I am trying to configure samba on linux as PDC with nss_ldap for single 
sign on on linux and windows.
The connection from ldap and samba works fine.
In the following I try to describe what I am doing in order to fill 
ldap with the group and user information.
(At some points I am not sure, and maybe these points could be clarified 
in the docu)
I have a root account in /etc/passwd and groups (lp etc in /etc/group)

-First of all, I am adding posix groups to ldap using gq.
 Do I have to add groups like sys, lp to ldap too, in order to map them 
to eg. "printer admins" later?
Do I have to use the same GID as in /etc/group or is this not necessary
 and samba reads /etc/groups (with passdb backend ldapsam:...,plain 

-I map these groups to existing Windows groups with "net groupmap modify 
The Built-In Windows Groups (eg "Power Users")  don't have to be in ldap 

-If I add an additional Group (eg. sales) I have to add it as posix 
group to ldap
and add it with "net groupmap add ..." to windows.
Is there an algorithmic relation between the posix GID and the RID of 
the group  I can/should use
(eg  2*GID + 1001)?

-Then I start adding users
Do I have to calculate the rid and the PrimaryGroupID out of the 
UIDnumber and the GID with
RID=2*uidnumber+1000  PrimaryGroupID=2*gid+1001?
Is this necessary, in order that the NT-User with RID=2*uidnumber+1000 
can access the files of the unix-user with uidnumber?

-Do I have to add the windows users Administrator and guest to the ldap 
I want my Domain-Admin-User Administrator be mapped to root.
Do I have to add a User "Administrator" with UID=0 to the ldap?
If I do so, what about the algorithmic mapping?
2*0+1000 is not the well known RID of the Domain Admin?
Same question with guest?

-Now (finally) I want to add Users with the NT-Usermanager.
Do I have to add the posix "adduser" command to smb.conf
which only fills the posix fields of sambaSAMaccount or do I have to add
a command like from the smbldap tools, which fills the Samba-parts too.

A lot of questions.
Maybe they sound silly, but they occur to me when thinking about how to 
make it right.
And maybe they help you to see what strange thoughts users out there 
might have
on things which are totally clear for you.

Thank you very much



Dr.  Hansjoerg Maurer           | LAN- & System-Manager
Deutsches Zentrum               | DLR Oberpfaffenhofen
  f. Luft- und Raumfahrt e.V.   |
Institut f. Robotik             |
Postfach 1116                   | Muenchner Strasse 20
82230 Wessling                  | 82234 Wessling
Germany                         |
Tel: 08153/28-2431              | E-mail: Hansjoerg.Maurer at
Fax: 08153/28-1134              | WWW:
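
The algorithmic mapping asked about in the message above, as an added example that is not part of the original post and is not Samba's own code: it applies the formulas quoted there (RID = 2*uidNumber + 1000, group RID = 2*gidNumber + 1001), inverts them, and compares the results with the well-known Windows RIDs. The domain SID, the sample accounts and the function names are constructed for illustration.

```python
"""Algorithmic UID/GID <-> RID mapping, using the formulas quoted in the post."""

RID_BASE = 1000  # base taken from the post's formulas (assumed unchanged)

# Well-known Windows domain RIDs: fixed values, not derived from any UID/GID.
WELL_KNOWN = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
              513: "Domain Users", 514: "Domain Guests"}

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed value


def user_rid(uid, base=RID_BASE):
    """User RID = 2*uidNumber + base (even offsets from the base)."""
    if uid < 0:
        raise ValueError("uidNumber must be non-negative")
    return 2 * uid + base


def group_rid(gid, base=RID_BASE):
    """Group RID = 2*gidNumber + base + 1 (odd offsets from the base)."""
    if gid < 0:
        raise ValueError("gidNumber must be non-negative")
    return 2 * gid + base + 1


def classify_rid(rid, base=RID_BASE):
    """Invert the mapping: report what a RID stands for and the POSIX id."""
    if rid in WELL_KNOWN:
        return ("well-known", WELL_KNOWN[rid])
    if rid < base:
        return ("below-base", None)  # cannot come out of the formulas
    offset = rid - base
    kind = "user" if offset % 2 == 0 else "group"
    return (kind, offset // 2)


def sid_for(rid, domain_sid=DOMAIN_SID):
    """Full SID = domain SID + '-' + RID."""
    return f"{domain_sid}-{rid}"


if __name__ == "__main__":
    # Constructed sample accounts: (name, uidNumber) and (name, gidNumber).
    for name, uid in [("root", 0), ("hans", 1001)]:
        print(name, sid_for(user_rid(uid)), classify_rid(user_rid(uid)))
    for name, gid in [("lp", 7), ("sales", 1200)]:
        print(name, sid_for(group_rid(gid)), classify_rid(group_rid(gid)))
    print("uid 0 ->", user_rid(0), "but Administrator is RID 500")
```

Because both formulas start at the base of 1000, uid 0 yields RID 1000, and no uidNumber or gidNumber yields 500, 501 or 512.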
