[Samba] RID numbers

Andrey Nepomnyaschih A.Nepomnyschih at chartpilot.ru
Wed Jul 2 11:14:02 GMT 2003

Well, no luck for me.

Can you specify the whole requirements for this to work.

passdb backend = ldapsam:ldap://localhost/
ldap suffix = 
ldap admin dn =

Idmap backend = ldap:ldap://localhost/

Should I enable ldap trust ids too?

Have a good time,
Andrey Nepomnyaschih

-----Original Message-----
From: samba-bounces+lists-samba=chartpilot.ru at lists.samba.org
[mailto:samba-bounces+lists-samba=chartpilot.ru at lists.samba.org] On
Behalf Of Andrew Bartlett
Sent: Wednesday, July 02, 2003 1:40 PM
To: Andrey Nepomnyaschih
Cc: samba at lists.samba.org; 'Andrew Bartlett'
Subject: RE: [Samba] RID numbers

On Wed, 2003-07-02 at 19:18, Andrey Nepomnyaschih wrote:
> Hello Andrew,
> Well I've got the samba 3.0beta2 and it seems that Samba stills 
> expects RID to be as (uidNumber * 2 + 1000).
> I'll try decribe the situation maybe the problem lies somewhere else.
> I have an Administrator account with uidNumber of 0. And whenever I 
> set its RID to 500 (default from NT world) there's no way to add 
> workstations to domain with the Administrator account. On the opposite

> side when I set RID to 1000 (0 * 2 + 1000) it works fine. So I assume 
> that samba doesn't use the mapping between uidNumber from posixAccount

> and sambaSID from sambaSamAccount, when checks whether the account has

> root access.
> Can you clarify this thing to me?

In order to use arbitary rids in LDAP, you *must* use 'idmap backed =
ldap:ldap://localhost' (as appropriate for your setup).

I will see how this can be best automated/documented to avoid future

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list