[Samba] RID/SIDs

Daniel Corbe daniel.junkmail at gmail.com
Fri Jan 28 18:36:35 GMT 2005 

Every user has to have a unique SID right?

Here's my problem

The smbldap-adduser function works fantastically for adding new
accounts to the system.  I already have existing accounts though in
LDAP that I need to add all the Samba attributes to.  I was just going
to write a quick and dirty little perl script for it; however I need
to understand how the individual users are assigned SIDs first.

-Daniel


On Fri, 28 Jan 2005 09:37:14 -0700, John H Terpstra <jht at samba.org> wrote:
> On Friday 28 January 2005 09:26, Christian HAESSIG wrote:
> > Hi,
> >
> > does this mean that, in an ads domain, the net getlocalsid command must
> > return the sid of the ads domain ?
> 
> The domain SID for a remote domain can be obtained by executing:
> 
>         net getlocalsid 'DOMAIN' -S [PDC | BDC]
> 
> - John T.
> 
> >
> > Thanks for your answers,
> >
> > Christian
> >
> > > -----Message d'origine-----
> > > De : samba-bounces+christian.haessig=ircad.u-strasbg.fr at lists.samba.org
> > > [mailto:samba-bounces+christian.haessig=ircad.u-strasbg.fr at lists.samba.o
> > > rg]De la part de John H Terpstra
> > > Envoyé : vendredi 28 janvier 2005 17:08
> > > À : samba at lists.samba.org; Daniel Corbe
> > > Objet : Re: [Samba] RID/SIDs
> > >
> > > On Friday 28 January 2005 07:52, Daniel Corbe wrote:
> > > > Hey
> > > >
> > > > Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and
> > > > how to generate them properly?
> > >
> > > The SID is generated automatically by Samba. If you change a
> > > Samba server name
> > > or workgroup name a new SID will be generated. This is a strong
> > > argument in
> > > favor of backing up the SID. You can obtain the SID of the Samba
> > > server by
> > > executing:
> > >
> > >     net getlocalsid
> > >     SID for domain FRODO is: S-1-5-21-726309263-4128913604-1168186429
> > >
> > > The SID can be restored by executing:
> > >     net setlocalsid S-1-5-21-726309263-4128913604-1168186429
> > >
> > > In a Windows NT4 or ADS domain the RID is generated as the
> > > account is created.
> > > The user SID = domain_SID+RID, in the above case the SID for my
> > > user account
> > > is S-1-5-21-726309263-4128913604-1168186429-4214.
> > >
> > > Samba uses an algorithm to create a RID from the users UID. The default
> > > algorithm is:   RID = (UID x 2) + 1000
> > >
> > > The best source of documentation for how this is handled in Samba
> > > is in the
> > > source code.
> > >
> > > - John T.
> > > --
> > > John H Terpstra
> > > Samba-Team Member
> > > Phone: +1 (650) 580-8668
> > >
> > > Author:
> > > The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> > > Samba-3 by Example, ISBN: 0131472216
> > > Hardening Linux, ISBN: 0072254971
> > > Other books in production.
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
> 
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list