[Samba] RE: SID Calculation
Jarabe
jarabe at wasatchnet.net
Fri Aug 22 20:15:58 GMT 2003
I guess my question stems from the following situation. I have in LDAP
a uidNumber of 1001. The only way i am able to get samba imformation
populated into ldap is to change passdb backend from ldapsam to
smbpasswd then create a samba user, then change passdb backend back to
ldapsam, then finally use pdbedit to import from my smbpasswd file
database.
This seems sad I know but I cant seem to do it anyother way. I guess
i could turn off schema checking in ldap but that would defeat the
purpose of schema checking...
This is why I need to know how to do a sid calculation as far as I can
tell it takes the uidNumber multiplies it by 2 and adds 1000. The
problem with that is my uidNumbers for users are 1000, 1001, 1002 etc
and the machine account sids are conflicting with the 1002, 1003 users
because of the order I added them in.
Therefore can I just change the way sids are calculated for the
machines so that it is different than the way it is done for users?
Thanks,
Spencer
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 22 Aug 2003, Jarabe wrote:
>> If I am adding accounts manually to my ldap directory, and was
curious if there is any magic in the sambaSID attibutes? Can i assign
then incrementally? What abou the sambaPrimaryGroupSID what does that
need to be??
3 things:
* if you do this, set 'enable rid algorithm = no' in smb.conf
However, things may break at this point.
* also see the code in sam/idmap_ldap.c that handles RID
allocation.
* make sure all the users you care about are stored in your
passdb backend (ldapsam) and that all group mappings are
setup correctly.
cheers, jerry
More information about the samba
mailing list