[Samba] rid format in sambaSID

mike at jurney.org mike at jurney.org
Fri Nov 14 14:53:17 GMT 2003


On Thu, 13 Nov 2003, Gerald (Jerry) Carter wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 13 Nov 2003, John H Terpstra wrote:
>
> > On Thu, 13 Nov 2003 mike at jurney.org wrote:
> >
> > >
> > > Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba
> > > stops parsing a RID when it encounters a letter.  For example, I have an
> > > accounting group with gid 2771 and therefore rid ad3.  When I list the
> > > groups in the samba domain, however, I get this listing:
> > >
> > > Domain Admins (DOMAINSID-512) -> Domain Admins
> > > Domain Users (DOMAINSID-513) -> Domain Users
> > > Domain Guests (DOMAINSID-514) -> Domain Guests
> > > marketing (DOMAINSID-0) -> marketing
> > > support (DOMAINSID-0) -> support
> > > sales (DOMAINSID-0) -> sales
> > > integrators (DOMAINSID-0) -> integrators
> > > accounting (DOMAINSID-0) -> accounting
>
> Did you manually set the sambaSID string?  We always set it in
> decimal.

Effectively, yes.  My SAM is currently in LDAP being served by a samba-tng
PDC.  I'm migrating the SAM config and generating the sambaSID value by
tacking the hex rid attribute value onto the domain SID.  If samba3
expects the RID to be represented in decimal, does that mean that
DOMAINSID-512 isn't acually the Domain Admins goup?  Should it actually be
DOMAINSID-1298?

-- 
Michael D. Jurney
mike at jurney.org




More information about the samba mailing list