sam replication

Andrew Bartlett abartlet at
Wed Sep 17 12:58:04 GMT 2003

On Wed, 2003-09-17 at 22:38, José Luis Tallón wrote:
> ( Sorry, pressed "send-now" keyboard shortcut in accident )
> At 10:13 17/09/2003 +0200, Simo Sorce wrote:
> >On Tue, 2003-09-16 at 18:36, Richard Renard wrote:
> > > Is it possible to have the name of the people who work on the
> > > replication process ?
> > >
> > > So we could share things we know about.
> >
> >I'm working on a new users and groups backend to support a full sam,
> >this is fundamental to have a decent samba PDC + NT BDC, no to so for a
> >NT PDC + samba BDC.
> While you are at it ( i guess ldapsam is already capable of most if not all 
> functionality required ), please include a means for specifying [different] 
> base RIDs for users and machines.
> The situation leading to this is as follows:
> - configured ldapsam, enable rid algorith, idmap account range = 10000-20000
> - created initial users in directory, posixAccount
> - joined machines to the domain, NUA operation
> now, if we want to add new users, we are in the situation that the RIDs 
> they would be assigned are already being used by machines. Therefore, i 
> propose separating the RID ranges for machines and users ( though it is 
> different from what Win does )

RID allocation should be independent of UID allocation, if you want it
that way.  However, if you are allocating a UID for translation into an
algorithmic RID, then it's up to you to avoid conflicts.

You are going to need to create UID (posixAccount) entries for all your
machines anyway, so why not just make your scripts avoid adding
duplicate entries?

Andrew Bartlett 

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list