Samba4 patch for manipulating Unix attributes via ADUC

Robert Colquhoun robert.colquhoun at
Sun Jul 15 00:01:52 MDT 2012

On Sat, Jul 14, 2012 at 10:05 PM, Andrew Bartlett <abartlet at> wrote:
> The issue is doing this in a distributed way that is safe on a mix of AD
> implementations including Samba and Microsoft.
> So far, the only safe allocation mechanism is the RID allocation
> mechanism.

Oh so need to stay 100% compatible with the Microsoft implementation?
That does make adding custom functionality needed for Unix clients
much more difficult.

Guessing RID allocation works as there is a single master to allocate
RIDs for the domain...it's not really distributed as such, is it?  Maybe
I have misunderstood, but if you implement this is there any point
adding uidNumber and gidNumber entries, shouldn't these values be
calculated directly from the user's/group's SID?

With RID allocation scheme imagine there will be problems migrating
existing Samba 3 or Unix users that already have a uid/gid allocated
that could easily fall outside the RID allocated range.  Also
sometimes Unix users are created with identical uid/gid combination to
another Unix user (a sort of alias); I don't imagine AD will like that
very much.

(Sorry if above questions are a bit ignorant, am new to this)

- Robert
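
The scheme asked about above, sketched as an added example that is not part of the original message or of Samba's code: a uid/gid computed from the RID alone, then a check of existing Unix accounts for the two migration problems raised (ids outside the range, and accounts sharing one id). The offset, the range, the domain SID and the account list are all constructed assumptions.

```python
from collections import defaultdict

# Assumed values for illustration only; a real deployment chooses its own.
LOW_ID = 100000    # first Unix id reserved for domain accounts
HIGH_ID = 199999   # last Unix id reserved for domain accounts
BASE_RID = 1000    # first RID given to ordinary (non built-in) accounts

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed

def rid_of(sid):
    """Return the RID, i.e. the last sub-authority of a SID string."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not parts[-1].isdigit():
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])

def sid_to_unix_id(sid):
    """Derive a uid/gid from the RID; None when it lands outside the range."""
    unix_id = rid_of(sid) - BASE_RID + LOW_ID
    return unix_id if LOW_ID <= unix_id <= HIGH_ID else None

def migration_conflicts(accounts):
    """accounts: list of (name, existing_uid) from Samba 3 or /etc/passwd.

    A derived id can only equal an existing one if that id is inside the
    range, and two accounts sharing an id would need the same RID, which
    cannot happen because each account has its own unique SID.
    """
    by_uid = defaultdict(list)
    for name, uid in accounts:
        by_uid[uid].append(name)
    return {
        "out_of_range": sorted(n for n, u in accounts
                               if not LOW_ID <= u <= HIGH_ID),
        "shared_uid": {u: n for u, n in by_uid.items() if len(n) > 1},
    }

# Constructed sample of accounts to be migrated.
SAMPLE = [("alice", 1001), ("bob", 100250), ("toor", 0),
          ("root", 0), ("carol", 100251)]

if __name__ == "__main__":
    print(sid_to_unix_id(DOMAIN_SID + "-1104"))
    print(sid_to_unix_id(DOMAIN_SID + "-500"))
    print(migration_conflicts(SAMPLE))
```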
