[Samba] RID numbers
Andrey Nepomnyaschih
A.Nepomnyschih at chartpilot.ru
Wed Jul 2 11:14:02 GMT 2003
Well, no luck for me.
Can you specify the whole requirements for this to work.
...
passdb backend = ldapsam:ldap://localhost/
ldap suffix =
ldap admin dn =
Idmap backend = ldap:ldap://localhost/
...
Should I enable ldap trust ids too?
Have a good time,
Andrey Nepomnyaschih
-----Original Message-----
From: samba-bounces+lists-samba=chartpilot.ru at lists.samba.org
[mailto:samba-bounces+lists-samba=chartpilot.ru at lists.samba.org] On
Behalf Of Andrew Bartlett
Sent: Wednesday, July 02, 2003 1:40 PM
To: Andrey Nepomnyaschih
Cc: samba at lists.samba.org; 'Andrew Bartlett'
Subject: RE: [Samba] RID numbers
On Wed, 2003-07-02 at 19:18, Andrey Nepomnyaschih wrote:
> Hello Andrew,
>
> Well I've got the samba 3.0beta2 and it seems that Samba stills
> expects RID to be as (uidNumber * 2 + 1000).
>
> I'll try decribe the situation maybe the problem lies somewhere else.
>
> I have an Administrator account with uidNumber of 0. And whenever I
> set its RID to 500 (default from NT world) there's no way to add
> workstations to domain with the Administrator account. On the opposite
> side when I set RID to 1000 (0 * 2 + 1000) it works fine. So I assume
> that samba doesn't use the mapping between uidNumber from posixAccount
> and sambaSID from sambaSamAccount, when checks whether the account has
> root access.
>
> Can you clarify this thing to me?
In order to use arbitary rids in LDAP, you *must* use 'idmap backed =
ldap:ldap://localhost' (as appropriate for your setup).
I will see how this can be best automated/documented to avoid future
confusion.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list