[Samba] rid and uid on ldap pdc

Andrew Bartlett abartlet at samba.org
Thu Aug 15 14:10:01 GMT 2002


David Mendenhall wrote:
> 
> Is the rid of a user required to be 2*uid+1000 in HEAD when using an ldap
> backend? Is it still necessary that users also exist in /etc/passwd? I'd
> like to replace NIS and win NT domain auth with ldap, and want to keep the
> current unix uid's and the NT rid's, so the migration is transparent to the
> end users.

In theory, this *might* be possible.  I've not yet seen evidence that
this can actually be done, and you certainly need Samba 3.0.

Samba 3.0 will always respect the RID stored in LDAP, so you can set it
to match.  However, you need to ensure that the RIDs don't conflict with
the 'magic' RIDs that Samba creates using the old algorithm.

To achieve this, set 'algorithmic rid base = nice_big_num', where
nice_big_num defaults to 1000; you want to make it 100000 or so :-)

Then, use smbgroupedit to set the SIDs for the groups to match (this
isn't kept in LDAP yet).   

You don't need /etc/passwd entries, as long as you use nss_ldap.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
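
The collision check described in the reply, as an added example that is not part of the original message or of Samba's code. It assumes the user mapping from the question (RID = 2*uid + base) and, as a labelled assumption, that group RIDs follow the same scheme with the low bit set; the accounts and numbers are constructed.

```python
# Added example: audit planned LDAP-stored RIDs against algorithmic RIDs.
# Assumed mapping: user RID = 2*uid + base (from the question);
# group RID = 2*gid + base + 1 (assumption, not stated in the thread).

def algorithmic_rids(uids, gids, base):
    """Map each RID the algorithm would generate to the Unix id that owns it."""
    owned = {2 * u + base: f"uid {u}" for u in uids}
    owned.update({2 * g + base + 1: f"gid {g}" for g in gids})
    return owned

def check_stored_rids(stored, uids, gids, base):
    """Return (account, rid, problem) for every stored RID that is unsafe."""
    algo = algorithmic_rids(uids, gids, base)
    problems, seen = [], {}
    for account, uid, rid in stored:
        if rid in seen:
            problems.append((account, rid, f"duplicate of {seen[rid]}"))
        seen.setdefault(rid, account)
        owner = algo.get(rid)
        if owner is not None and owner != f"uid {uid}":
            problems.append((account, rid, f"collides with algorithmic RID of {owner}"))
    return problems

def min_safe_base(stored):
    """Smallest even base above every stored RID, so no generated RID can match."""
    highest = max(rid for _, _, rid in stored)
    return highest + 1 + (highest + 1) % 2

# Constructed sample data: (account, unix uid, NT RID to keep in LDAP).
SAMPLE_STORED = [("alice", 500, 1013), ("bob", 501, 2000), ("carol", 502, 1201)]
SAMPLE_UIDS = [500, 501, 502]
SAMPLE_GIDS = [100]

if __name__ == "__main__":
    for base in (1000, 100000):
        issues = check_stored_rids(SAMPLE_STORED, SAMPLE_UIDS, SAMPLE_GIDS, base)
        print(f"algorithmic rid base = {base}: {len(issues)} problem(s)")
        for account, rid, problem in issues:
            print(f"  {account}: RID {rid} {problem}")
    print("smallest collision-free base:", min_safe_base(SAMPLE_STORED))
```

Two accounts sharing a RID share a SID, so any reported problem should be resolved before the stored RIDs go live.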


