[Samba] RE: SID Calculation

Jarabe jarabe at wasatchnet.net
Fri Aug 22 20:15:58 GMT 2003

I guess my question stems from the following situation. I have in LDAP
a uidNumber of 1001. The only way i am able to get samba imformation
populated into ldap is to change passdb backend from ldapsam to
smbpasswd then create a samba user, then change passdb backend back to
ldapsam, then finally use pdbedit to import from my smbpasswd file

This seems sad I know but I cant seem to do it anyother way.  I guess
i could turn off schema checking in ldap but that would defeat the
purpose of schema checking...

This is why I need to know how to do a sid calculation as far as I can
tell it takes the uidNumber multiplies it by 2 and adds 1000.  The
problem with that is my uidNumbers for users are 1000, 1001, 1002 etc
and the machine account sids are conflicting with the 1002, 1003 users
because of the order I added them in.

Therefore can I just change the way sids are calculated for the
machines so that it is different than the way it is done for users?


Hash: SHA1

On Fri, 22 Aug 2003, Jarabe wrote:

>> If I am adding accounts manually to my ldap directory, and was
curious if there is any magic in the sambaSID attibutes?  Can i assign
then incrementally?  What abou the sambaPrimaryGroupSID what does that
need to be??

3 things:

  * if you do this, set 'enable rid algorithm = no' in smb.conf
    However, things may break at this point.
  * also see the code in sam/idmap_ldap.c that handles RID 
  * make sure all the users you care about are stored in your 
    passdb backend (ldapsam) and that all group mappings are 
    setup correctly.

cheers, jerry

More information about the samba mailing list