[Samba] RID numbers

Andrew Bartlett abartlet at samba.org
Wed Jul 2 11:30:13 GMT 2003


On Wed, 2003-07-02 at 21:14, Andrey Nepomnyaschih wrote:
> Well, no luck for me.
> 
> Can you specify the whole requirements for this to work?
> 
> ...
> passdb backend = ldapsam:ldap://localhost/
> ldap suffix = 
> ldap admin dn =
> 
> Idmap backend = ldap:ldap://localhost/
> ...
> 
> Should I enable ldap trust ids too?

I don't think it changes this issue.  You do need to delete the
winbindd_idmap.tdb to remove the previous cache.

And you need the ldap suffix, ldap admin dn specified.

Andrew Bartlett

> -----Original Message-----
> From: samba-bounces+lists-samba=chartpilot.ru at lists.samba.org
> [mailto:samba-bounces+lists-samba=chartpilot.ru at lists.samba.org] On
> Behalf Of Andrew Bartlett
> Sent: Wednesday, July 02, 2003 1:40 PM
> To: Andrey Nepomnyaschih
> Cc: samba at lists.samba.org; 'Andrew Bartlett'
> Subject: RE: [Samba] RID numbers
> 
> 
> On Wed, 2003-07-02 at 19:18, Andrey Nepomnyaschih wrote:
> > Hello Andrew,
> > 
> > Well I've got the samba 3.0beta2 and it seems that Samba still
> > expects RID to be as (uidNumber * 2 + 1000).
> > 
> > I'll try to describe the situation, maybe the problem lies somewhere else.
> > 
> > I have an Administrator account with uidNumber of 0. And whenever I
> > set its RID to 500 (default from NT world) there's no way to add
> > workstations to domain with the Administrator account. On the opposite
> > side when I set RID to 1000 (0 * 2 + 1000) it works fine. So I assume
> > that samba doesn't use the mapping between uidNumber from posixAccount
> > and sambaSID from sambaSamAccount, when checks whether the account has
> > root access.
> > 
> > Can you clarify this thing to me?
> 
> In order to use arbitrary rids in LDAP, you *must* use 'idmap backend =
> ldap:ldap://localhost' (as appropriate for your setup).
> 
> I will see how this can be best automated/documented to avoid future
> confusion.
> 
> Andrew Bartlett
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
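
An added example, not part of the original thread and not Samba code: a small Python audit that reads an LDIF export and lists the accounts whose sambaSID ends in a RID other than the uidNumber * 2 + 1000 value described above, which are the accounts with arbitrary RIDs that the thread says need the LDAP idmap backend. The sample LDIF, domain SID, DNs and account names are constructed, and base64-encoded (`::`) values are not handled.

```python
RID_BASE = 1000  # base taken from the formula quoted in the thread

# Constructed sample LDIF: domain SID, DNs and accounts are made up.
SAMPLE_LDIF = """\
dn: uid=Administrator,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: Administrator
uidNumber: 0
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-500

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice
uidNumber: 1001
sambaSID: S-1-5-21-1111111111-2222222222-
 3333333333-3002
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry, unfolding wrapped lines."""
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]  # LDIF continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entry = {}
        for line in lines:
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        yield entry

def audit(text):
    """Return (uid, uidNumber, RID in sambaSID, algorithmic RID) per mismatch."""
    findings = []
    for entry in parse_ldif(text):
        if "uidnumber" not in entry or "sambasid" not in entry:
            continue  # entry lacks the POSIX or the Samba attribute
        uid_number = int(entry["uidnumber"][0])
        rid = int(entry["sambasid"][0].rsplit("-", 1)[1])
        expected = uid_number * 2 + RID_BASE
        if rid != expected:
            findings.append((entry["uid"][0], uid_number, rid, expected))
    return findings

if __name__ == "__main__":
    for uid, num, rid, expected in audit(SAMPLE_LDIF):
        print(f"{uid}: uidNumber={num} RID={rid} algorithmic RID={expected}")
```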