[Samba] Non-algorithmic RIDs

William Jojo jojowil at hvcc.edu
Fri May 20 17:05:07 GMT 2005



On Fri, 20 May 2005, William Jojo wrote:

>
>
> On Fri, 20 May 2005, Misty Stanley-Jones wrote:
>
> > When I set up my initial users for the Samba domain i did not realize that
> > RIDs were supposed to be dynamic.  I was creating the user as a posixAccount
> > in LDAP, and then adding the Samba elements via a script  that I wrote.
> > Their RIDs are the same as their UID.  For instance if I have a user with
> > uidNumber 1036, her SID would be <domain-SID>-1036.  This is fine except for
> > idmapping for member servers, for ACLs.  I have about 30 users with this
> > problem.  Is there a non-disruptive way for me to convert their RIDs to be
>
> Yes. The default argorithmic way is uidNumber+1000 for RID of user and
> gidNumber+1001 for RID of group entries (sambaGroupMapping).
>

Duh! I meant 2*uidNumber+1000, 2*gidNumber+1001! Sorry....it's friday.

Should try sleeping today... :-)


Bill


> I do the same as you and wrote some in house stuff to fill in some blanks.
>
> > algorithmic based on their UIDs, without destroying their roaming profiles
> > etc?  If not I think we will just have to deal with not being able to use
> > ACLs on member servers, but I thought I would query first.  To reiterate, we
> > are using a LDAP backend.
>
> You will however need to run the "/sambapath/bin/profiles" program against
> the user's ntuser.dat to reflect the new SID-RID value.
>
>
> Shouldn't take long.
>
>
>
> Bill
>
>
> >
> > Misty
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


More information about the samba mailing list