samba4 migration problems

Marc Muehlfeld Marc.Muehlfeld at
Tue May 8 04:05:13 MDT 2012

On 19.04.2012 15:02, Andrew Bartlett wrote:
 >> smbldap-tools create the machine-accounts when joining. The UID is
 >> always high like 2136, but the sambaSID that was chosen was
 >> S-1-5-21-1362721961-1801182073-732966438-40
 >> For users it's calculated correctly (UID * 2 + 1000)
 > This would appear to be a very serious issue with smbldap-tools then.

I'm not sure if this is a problem in smbldap-tools. I updated my very old 
0.9.4 to the latest 0.9.8-1 and still have this problem for machine accounts.

In my smb.conf I have
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
and if I run this command by hand, the newly created account doesn't have a 
sambaSID entry. See screenshot

I also found old postings with the information that samba creates the 
sambaSID entry (

In a level 10 debug log I saw that samba gets the RID from sambaNextGroupRid 
out of LDAP, which is just incremented by samba every time a new machine joins 
a domain. Are machine RIDs not calculated by UID * 2 + 1000?

 > If you are using ldapsam:trusted, perhaps consider ldapsam:editposix?
 > Anyway, it doesn't matter much if you are moving to samba4 anyway.

So if I switch to s4, I don't have to fix the wrong RIDs?
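
An added example, not part of the original message or of Samba/smbldap-tools: a sketch that audits an LDIF export for accounts whose sambaSID RID differs from the UID * 2 + 1000 rule quoted above, or that have no sambaSID at all. The DNs, the `uidNumber` attribute name and the sample entries are assumptions constructed for illustration; the 2136 / -40 pair mirrors the values reported in the thread.

```python
# Added example: flag accounts whose RID is not UID * 2 + 1000.
RID_BASE = 1000  # base from the formula quoted in the thread

# Constructed sample export (not the poster's real directory data).
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=com
uidNumber: 1005
sambaSID: S-1-5-21-1362721961-1801182073-732966438-3010

dn: uid=ws01$,ou=Computers,dc=example,dc=com
uidNumber: 2136
sambaSID: S-1-5-21-1362721961-1801182073-732966438-40

dn: uid=ws02$,ou=Computers,dc=example,dc=com
uidNumber: 2137
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding or base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (l.split(": ", 1) for l in block.splitlines() if ": " in l)
        entries.append({k: v.strip() for k, v in pairs})
    return entries

def expected_rid(uid_number):
    return uid_number * 2 + RID_BASE

def audit(entries):
    """Return (dn, status, actual_rid, expected_rid) per posix account."""
    findings = []
    for e in entries:
        if "uidNumber" not in e:
            continue  # not a posix account, nothing to compare
        want = expected_rid(int(e["uidNumber"]))
        sid = e.get("sambaSID")
        if sid is None:
            findings.append((e["dn"], "missing-sid", None, want))
            continue
        have = int(sid.rsplit("-", 1)[1])  # RID is the last SID component
        status = "ok" if have == want else "mismatch"
        findings.append((e["dn"], status, have, want))
    return findings

if __name__ == "__main__":
    for dn, status, have, want in audit(parse_ldif(SAMPLE_LDIF)):
        print(f"{status:12} {dn} rid={have} expected={want}")
```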

