[Samba] matching UIDs to RIDs when converting from Windows to Samba

Ed Ravin eravin at panix.com
Tue Mar 16 02:35:32 GMT 2004


On Tue, Mar 16, 2004 at 01:26:11AM +0000, Andrew Bartlett wrote:
> On Mon, Mar 15, 2004 at 08:11:42PM -0500, Ed Ravin wrote:
> > I have a bunch of Windows users using a Win2k server as a PDC.  I want
> > to move all the server functions to a Samba server without disturbing
> > the users in any way.  The client machines are all Win2k, using local
> > profiles.
> > 
> > Samba insists on algorithmicly generating the RID from the UID, so the
> > Windows user, after migration, gets a new SID and loses contact with
> > their local profile.  In fact, they seem to be an entirely different
> > user, with a new SID and new profile directory.
> 
> If you used a 'real' passdb backend, like ldapsam and tdbsam, then
> this should 'just work'.

Thanks, but it doesn't.  I looked up tdbedit and the HOWTO and did
the following:

   ; added this to smb.conf
   passdb backend = tdb

   # ran this:
   # pdbedit -i smbpasswd

Now, if I look at the table with pdbedit:

  # pdbedit -L -u bilbo
  bilbo:1112:Bilbo Baggins

That looks good, but the when I query via rpcclient for the RID, it's still
3224, which is the value returned by the algorithmic mapping (1112 * 2 + 1000).

If I run tdbdump | grep -C2 bilbo I see this:

  {
  key = "RID_00000c98\00"
  data = "bilbo\00"
  }

0xc98 is 3224.  It looks like the algorithmic mapping happened when I
ran "pdbedit -i".  Even if I use "pdbedit -u bilbo -U <sid-string>-1112",
the stored value in the TDB is still 0xc98.  Clearly, something is
enforcing the mapping on the way into or out of the TDB backend.

Are you sure this is supposed to "just work"?


More information about the samba mailing list