[Samba] Re: Samba PDC migration

[Tim Allen]

Andrew

> The user who is logging in has a UID of 1002
>
> Looking at the logs, Samba authenticates the user OK, but then we see that
> his RID is set to 3004, not 1002. From then on, it's a new user. I assume
> this new RID is coming from the NT4 workstation?

No, of course that's being generated by Samba using 1002*2 + 1000. I think I
understand what's happening now: Samba is computing the RID based on the
entry in smbpasswd, whereas I thought it used this directly if it was
already there. I found an earlier reply of yours which explains this:

http://lists.samba.org/pipermail/samba/2002-February/066975.html


>From there, its a two-line hack in passdb.c (lookup_local_user and
lookup_local_sid) and some creative use of the new smbgroupedit tool.
You might also need to hack that, to never use the formula.  I'm willing
to look at a patch that adds yet another smb.conf option to allow this
behaviour - as its a mandetory requirement for NT conversion sites.

Can't find either of this functions in V1.9 of passdb.c. Would it be OK to
hack the four functions

uid_t pdb_user_rid_to_uid(uint32 user_rid)
gid_t pdb_user_rid_to_gid(uint32 user_rid)
uint32 pdb_uid_to_user_rid(uid_t uid)
uint32 pdb_gid_to_group_rid(gid_t gid)

to not do any of this mapping (in the case you mentioned):

>Basicly, what we need to do is *never* call the crazy mapping forumla.
>This is quite simple, if all the users you ever want to see in your
>domain are proper users in your LDAP backend, and have unix accounts on
>the system (with 'normal' uids).

Please let me know if I'm on the right track here and I'll give it a try.

Thanks

Tim Allen