[Samba] Re: Samba PDC migration
Tim Allen
timallen at ls83.fsnet.co.uk
Sun Jul 21 03:53:02 GMT 2002
Andrew
> The user who is logging in has a UID of 1002
>
> Looking at the logs, Samba authenticates the user OK, but then we see that
> his RID is set to 3004, not 1002. From then on, it's a new user. I assume
> this new RID is coming from the NT4 workstation?
No, of course that's being generated by Samba using 1002*2 + 1000. I think I
understand what's happening now: Samba is computing the RID based on the
entry in smbpasswd, whereas I thought it used this directly if it was
already there. I found an earlier reply of yours which explains this:
http://lists.samba.org/pipermail/samba/2002-February/066975.html
>From there, its a two-line hack in passdb.c (lookup_local_user and
lookup_local_sid) and some creative use of the new smbgroupedit tool.
You might also need to hack that, to never use the formula. I'm willing
to look at a patch that adds yet another smb.conf option to allow this
behaviour - as its a mandetory requirement for NT conversion sites.
Can't find either of this functions in V1.9 of passdb.c. Would it be OK to
hack the four functions
uid_t pdb_user_rid_to_uid(uint32 user_rid)
gid_t pdb_user_rid_to_gid(uint32 user_rid)
uint32 pdb_uid_to_user_rid(uid_t uid)
uint32 pdb_gid_to_group_rid(gid_t gid)
to not do any of this mapping (in the case you mentioned):
>Basicly, what we need to do is *never* call the crazy mapping forumla.
>This is quite simple, if all the users you ever want to see in your
>domain are proper users in your LDAP backend, and have unix accounts on
>the system (with 'normal' uids).
Please let me know if I'm on the right track here and I'll give it a try.
Thanks
Tim Allen
More information about the samba
mailing list