[Samba] matching UIDs to RIDs when converting from Windows to Samba

John H Terpstra jht at samba.org
Tue Mar 16 02:46:16 GMT 2004

On Mon, 15 Mar 2004, Ed Ravin wrote:

> On Tue, Mar 16, 2004 at 01:26:11AM +0000, Andrew Bartlett wrote:
> > On Mon, Mar 15, 2004 at 08:11:42PM -0500, Ed Ravin wrote:
> > > I have a bunch of Windows users using a Win2k server as a PDC.  I want
> > > to move all the server functions to a Samba server without disturbing
> > > the users in any way.  The client machines are all Win2k, using local
> > > profiles.
> > >
> > > Samba insists on algorithmicly generating the RID from the UID, so the
> > > Windows user, after migration, gets a new SID and loses contact with
> > > their local profile.  In fact, they seem to be an entirely different
> > > user, with a new SID and new profile directory.
> >
> > If you used a 'real' passdb backend, like ldapsam and tdbsam, then
> > this should 'just work'.
> Thanks, but it doesn't.  I looked up tdbedit and the HOWTO and did
> the following:
>    ; added this to smb.conf
>    passdb backend = tdb

	passdb backend = tdbsam

>    # ran this:
>    # pdbedit -i smbpasswd

	pdbedit -i smbpasswd -e tdbsam

It helps if you tell it which backend to migrate to.

> Now, if I look at the table with pdbedit:
>   # pdbedit -L -u bilbo
>   bilbo:1112:Bilbo Baggins

That's likely derived from smbpasswd, not from tdbsam since you did not
specify a tdbsam. Samba has no idea what to do with:

	passdb backend = tdb

I'm surprised you got no error messages in the log files. Did you check
the logs?

> That looks good, but the when I query via rpcclient for the RID, it's still
> 3224, which is the value returned by the algorithmic mapping (1112 * 2 + 1000).
> If I run tdbdump | grep -C2 bilbo I see this:
>   {
>   key = "RID_00000c98\00"
>   data = "bilbo\00"
>   }

You have not provided enough information to comment on this. The tdbdump
command should be passed the name of a tdb file. Your example does not do

> 0xc98 is 3224.  It looks like the algorithmic mapping happened when I
> ran "pdbedit -i".  Even if I use "pdbedit -u bilbo -U <sid-string>-1112",
> the stored value in the TDB is still 0xc98.  Clearly, something is
> enforcing the mapping on the way into or out of the TDB backend.

I can not figure out what you are trying to do here. HAve you read any of
the command man pages?

> Are you sure this is supposed to "just work"?

Sorry, I am not sure what you mean by that.

- John T.
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list