[Samba] matching UIDs to RIDs when converting from Windows to Samba

[Andrew Bartlett]

On Mon, Mar 15, 2004 at 10:27:29PM -0500, Ed Ravin wrote:
> I'd like to just say in advance that I really appreciate the responses
> received so far, especially the patience with what looks to you like dumb
> typos on my part.
> 
> > > 0xc98 is 3224.  It looks like the algorithmic mapping happened when I
> > > ran "pdbedit -i".  Even if I use "pdbedit -u bilbo -U <sid-string>-1112",
> > > the stored value in the TDB is still 0xc98.  Clearly, something is
> > > enforcing the mapping on the way into or out of the TDB backend.
> >
> > I can not figure out what you are trying to do here.
> 
> You must have missed the first message in this thread.  I'm trying to
> force the user RIDs to particular values in the range 1000-1200 in order
> to have a seamless migration from an existing Win2k server acting as PDC
> for a handful of clients.  I started by naively making sure all the UIDs
> on the Unix box matched the RIDs in the Windows domain, but since Samba
> insists on remapping the RIDS to avoid potential collision with Windows
> users, that didn't work.  Andrew Bartlett responded with:
> 
> > If you used a 'real' passdb backend, like ldapsam and tdbsam, then
> > this should 'just work'.
> 
> Hence my current line of investigation.
> 
> > Have you read any of the command man pages?
> 
> Yes, lots of them.  And big chunks of the HOWTOs.  I'm also reading
> the source code for pdbedit to try figure out where the transformation
> is taking place.  Is it worth trying to use tdbtool to change the
> values in passdb.tdb to what I want?

The problem is that you are trying to be a little too smart about it
all. If you had followed the instructions in the HOWTO, you would have
run 'net rpc vampire' into tdbsam, or ldapsam.  As soon as you touch
smbpasswd, the data is lost and the game is up.

Redo your migration into tdbsam, and things should work a lot better.

Andrew  Bartlett