[Samba] matching UIDs to RIDs when converting from Windows to Samba

Ed Ravin eravin at panix.com
Tue Mar 16 03:27:29 GMT 2004


I'd like to just say in advance that I really appreciate the responses
received so far, especially the patience with what looks to you like dumb
typos on my part.

> > Thanks, but it doesn't.  I looked up tdbedit and the HOWTO and did
> > the following:
> >
> >    ; added this to smb.conf
> >    passdb backend = tdb
> 
> Try:
> 	passdb backend = tdbsam

Actually, I think that's what I did do, that was a cut-and-paste error
in the original email.

> >    # ran this:
> >    # pdbedit -i smbpasswd
> Try:
> 	pdbedit -i smbpasswd -e tdbsam
> 
> It helps if you tell it which backend to migrate to.

If my first attempt didn't work, why did /etc/samba/passdb.tdb get
populated?  No matter, I tried again with the syntax as shown above,
same results.

> > Now, if I look at the table with pdbedit:
> >
> >   # pdbedit -L -u bilbo
> >   bilbo:1112:Bilbo Baggins
> 
> That's likely derived from smbpasswd, not from tdbsam since you did not
> specify a tdbsam.

Nope, it's not coming from smbpasswd, I renamed it after the import.

  # strace -e open pdbedit -L -u bilbo
  ...
  open("/pkg/samba-3.0.2a/usr/lib/samba/valid.dat", O_RDONLY) = 3
  open("/pkg/samba-3.0.2a/etc/samba/passdb.tdb", O_RDONLY) = 3
  open("/pkg/samba-3.0.2a/etc/samba/secrets.tdb", O_RDWR|O_CREAT, 0600) = 4
  open("/etc/nsswitch.conf", O_RDONLY)    = 3
  open("/etc/ld.so.cache", O_RDONLY)      = 3
  open("/lib/libnss_files.so.2", O_RDONLY) = 3
  open("/etc/passwd", O_RDONLY)           = 3
  bilbo:1112:Bilbo Baggins

As you can see, it's opening passdb.tdb.  I see it's also opening
/etc/passwd, which is a little suspicious.  Perhaps that's where it's
getting the 1112 value from?

> > If I run tdbdump | grep -C2 bilbo I see this:
> >
> >   {
> >   key = "RID_00000c98\00"
> >   data = "bilbo\00"
> >   }
>
> You have not provided enough information to comment on this. The tdbdump
> command should be passed the name of a tdb file. Your example does not do
> that.

Typo again, that was really "tdbdump /etc/samba/passdb.tdb | grep -C2 bilbo"

> > 0xc98 is 3224.  It looks like the algorithmic mapping happened when I
> > ran "pdbedit -i".  Even if I use "pdbedit -u bilbo -U <sid-string>-1112",
> > the stored value in the TDB is still 0xc98.  Clearly, something is
> > enforcing the mapping on the way into or out of the TDB backend.
>
> I can not figure out what you are trying to do here.

You must have missed the first message in this thread.  I'm trying to
force the user RIDs to particular values in the range 1000-1200 in order
to have a seamless migration from an existing Win2k server acting as PDC
for a handful of clients.  I started by naively making sure all the UIDs
on the Unix box matched the RIDs in the Windows domain, but since Samba
insists on remapping the RIDs to avoid potential collision with Windows
users, that didn't work.  Andrew Bartlett responded with:

> If you used a 'real' passdb backend, like ldapsam and tdbsam, then
> this should 'just work'.

Hence my current line of investigation.

> Have you read any of the command man pages?

Yes, lots of them.  And big chunks of the HOWTOs.  I'm also reading
the source code for pdbedit to try to figure out where the transformation
is taking place.  Is it worth trying to use tdbtool to change the
values in passdb.tdb to what I want?

Thanks,

	-- Ed


[original message below in full for reference]

On Tue, Mar 16, 2004 at 02:46:16AM +0000, John H Terpstra wrote:
> On Mon, 15 Mar 2004, Ed Ravin wrote:
> 
> > On Tue, Mar 16, 2004 at 01:26:11AM +0000, Andrew Bartlett wrote:
> > > On Mon, Mar 15, 2004 at 08:11:42PM -0500, Ed Ravin wrote:
> > > > I have a bunch of Windows users using a Win2k server as a PDC.  I want
> > > > to move all the server functions to a Samba server without disturbing
> > > > the users in any way.  The client machines are all Win2k, using local
> > > > profiles.
> > > >
> > > > Samba insists on algorithmically generating the RID from the UID, so the
> > > > Windows user, after migration, gets a new SID and loses contact with
> > > > their local profile.  In fact, they seem to be an entirely different
> > > > user, with a new SID and new profile directory.
> > >
> > > If you used a 'real' passdb backend, like ldapsam and tdbsam, then
> > > this should 'just work'.
> >
> > Thanks, but it doesn't.  I looked up tdbedit and the HOWTO and did
> > the following:
> >
> >    ; added this to smb.conf
> >    passdb backend = tdb
> 
> Try:
> 	passdb backend = tdbsam
> 
> >
> >    # ran this:
> >    # pdbedit -i smbpasswd
> 
> Try:
> 	pdbedit -i smbpasswd -e tdbsam
> 
> It helps if you tell it which backend to migrate to.
> 
> >
> > Now, if I look at the table with pdbedit:
> >
> >   # pdbedit -L -u bilbo
> >   bilbo:1112:Bilbo Baggins
> 
> That's likely derived from smbpasswd, not from tdbsam since you did not
> specify a tdbsam. Samba has no idea what to do with:
> 
> 	passdb backend = tdb
> 
> I'm surprised you got no error messages in the log files. Did you check
> the logs?
> 
> >
> > That looks good, but when I query via rpcclient for the RID, it's still
> > 3224, which is the value returned by the algorithmic mapping (1112 * 2 + 1000).
> >
> > If I run tdbdump | grep -C2 bilbo I see this:
> >
> >   {
> >   key = "RID_00000c98\00"
> >   data = "bilbo\00"
> >   }
> 
> You have not provided enough information to comment on this. The tdbdump
> command should be passed the name of a tdb file. Your example does not do
> that.
> 
> >
> > 0xc98 is 3224.  It looks like the algorithmic mapping happened when I
> > ran "pdbedit -i".  Even if I use "pdbedit -u bilbo -U <sid-string>-1112",
> > the stored value in the TDB is still 0xc98.  Clearly, something is
> > enforcing the mapping on the way into or out of the TDB backend.
> 
> I can not figure out what you are trying to do here. Have you read any of
> the command man pages?
> 
> >
> > Are you sure this is supposed to "just work"?
> >
> 
> Sorry, I am not sure what you mean by that.
> 
> 
> - John T.
> -- 
> John H Terpstra
> Email: jht at samba.org
> 

-- 
eravin@    |   Grief can take care of itself; but to get the full
panix.com  |   value of a joy you must have somebody to divide it with.
           |                   -- Mark Twain
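
A check for the mismatch discussed in this thread, as an added example that is not part of the original messages or of Samba's code: it reads `RID_` index records in the shape shown in the quoted tdbdump output and reports, per user, whether the stored RID is the algorithmic value (UID * 2 + 1000, the formula quoted in the thread) or equals the UID, which is what the migration needs. The sample dump, the passwd lines for frodo, and all function names are constructed for illustration.

```python
import re

RID_BASE = 1000  # base in the formula quoted in the thread: 1112 * 2 + 1000

# Constructed sample in the record shape shown by tdbdump in the thread.
SAMPLE_TDBDUMP = r'''
{
key = "RID_00000c98\00"
data = "bilbo\00"
}
{
key = "RID_00000459\00"
data = "frodo\00"
}
'''

# Constructed passwd-format lines (name:passwd:uid:...).
SAMPLE_PASSWD = """bilbo:x:1112:100:Bilbo Baggins:/home/bilbo:/bin/sh
frodo:x:1113:100:Frodo Baggins:/home/frodo:/bin/sh
"""

RECORD = re.compile(r'key = "RID_([0-9a-fA-F]{8})\\00"\s*\n\s*data = "([^"\\]+)\\00"')

def algorithmic_rid(uid, base=RID_BASE):
    """RID that the algorithmic mapping described in the thread gives a UID."""
    return uid * 2 + base

def parse_rid_index(dump_text):
    """Map username -> RID from the RID_xxxxxxxx index records."""
    return {name: int(hexrid, 16) for hexrid, name in RECORD.findall(dump_text)}

def parse_uids(passwd_text):
    """Map username -> UID from passwd-format lines."""
    return {f[0]: int(f[2]) for f in (l.split(":") for l in passwd_text.splitlines() if l.strip())}

def classify(dump_text, passwd_text):
    """Return {user: (rid, status)} for users present in both inputs."""
    uids, report = parse_uids(passwd_text), {}
    for user, rid in parse_rid_index(dump_text).items():
        if user in uids:
            uid = uids[user]
            status = ("rid-equals-uid" if rid == uid else
                      "algorithmic" if rid == algorithmic_rid(uid) else "other")
            report[user] = (rid, status)
    return report

if __name__ == "__main__":
    for user, (rid, status) in sorted(classify(SAMPLE_TDBDUMP, SAMPLE_PASSWD).items()):
        print(f"{user}: RID {rid} (0x{rid:08x}) {status}")
```

Any user reported as `algorithmic` would get a new SID after the migration and so lose the link to their existing local profile, which is the symptom described in the first message.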

