[Samba] Non-algorithmic RIDs

William Jojo jojowil at hvcc.edu
Fri May 20 16:57:09 GMT 2005

On Fri, 20 May 2005, Misty Stanley-Jones wrote:

> When I set up my initial users for the Samba domain i did not realize that
> RIDs were supposed to be dynamic.  I was creating the user as a posixAccount
> in LDAP, and then adding the Samba elements via a script  that I wrote.
> Their RIDs are the same as their UID.  For instance if I have a user with
> uidNumber 1036, her SID would be <domain-SID>-1036.  This is fine except for
> idmapping for member servers, for ACLs.  I have about 30 users with this
> problem.  Is there a non-disruptive way for me to convert their RIDs to be

Yes. The default argorithmic way is uidNumber+1000 for RID of user and
gidNumber+1001 for RID of group entries (sambaGroupMapping).

I do the same as you and wrote some in house stuff to fill in some blanks.

> algorithmic based on their UIDs, without destroying their roaming profiles
> etc?  If not I think we will just have to deal with not being able to use
> ACLs on member servers, but I thought I would query first.  To reiterate, we
> are using a LDAP backend.

You will however need to run the "/sambapath/bin/profiles" program against
the user's ntuser.dat to reflect the new SID-RID value.

Shouldn't take long.


> Misty
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list