[Samba] Non-algorithmic RIDs

Tony Earnshaw tonye at billy.demon.nl
Sat May 21 08:05:44 GMT 2005

Fri, 20.05.2005 at 18:43, Misty Stanley-Jones wrote:

> > So do I, awk/sed/shell. I use smbpasswd (amongst other Samba utilities)
> > and I don't have your problem. Don't you know what smbpasswd is? Try
> > 'man smbpasswd' ;)
> Yes, I know what it is.  No, I did not use it.  I use LDAP, and I did all of 
> my entries in LDAP directly, skipping the Samba layer.  It may have been the 
> wrong way, but it is done and I have a fully running domain that has been 
> running for more than 6 months that way.  I do not even use smbpasswd now, 
> but smbldap-tools.

To each his own poison ;) I can't use the idealx tools.

> > smbpasswd will do what you want, if you already have posixGroup entries
> > for users, groups and computers.
> Are you telling me that smbpasswd will change the RIDs for already-existing 
> Samba users?  I did not know that.

No. If you have added a new LDAP posixAccount with your favorite script
(I write my own), OR after you have deleted the sambaSAMAccount
objectClass from a combined posixAccount/sambaSAMAccount record, then by
running 'smbpasswd -a' on that account you will get a sambaSAMAccount
entry that adds algorithmically calculated SIDs (with RIDs) for that
machine or user, based on the uidNumber and gidNumber.

These RIDs will be perfectly acceptable across your whole database, but
ONLY IF you haven't gone and messed up the database by inserting your
own RIDs on the basis of your own whims. If you have done the latter (as
you have), then the smbpasswd method can't help you.

> I get the feeling I have really frustrated you.  Sorry.

Not really. Background: in February last I had an 1150+ user LDAP
posixAccount database (made using an awk script) for other things than
Samba. It was completely differently structured than the idealx scripts
would have done things. Then I had to migrate from an old NT4 PDC to
Samba and decided to use my LDAP database as ldapsam backend. By running
a simple shell ldapsearch/smbpasswd script on the database, I made all
my posixAccount users into Samba users, with all RIDs calculated
automatically, as documented in 'man smbpasswd'. Machines get added with
a separate LDAP shell script and smbpasswd, but with correct RIDs.

If I seem frustrated, it's only because the whole thing was so damned
easy and it works so well, that I'd like for others to be able to
understand how brilliant the Samba tools are for implementing custom
solutions. Completely independently from any smbldap-tools solution.


Nothing sucksseeds like a pigeon without a beak ...

mail: tonye at billy.demon.nl
They'll love us, won't they? They feed us, don't they? ...
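
Added example, not part of the original message and not Tony's script: a shell/awk audit that reads ldapsearch-style LDIF and flags user entries whose sambaSID RID differs from the algorithmic value, or whose RID is already used by another entry. It assumes Samba's default "algorithmic rid base" of 1000 and the user mapping RID = uidNumber * 2 + base; the function names, DNs and SIDs are constructed for illustration, and group RIDs are left out.

```shell
#!/bin/sh
# Audit LDIF for hand-assigned or colliding user RIDs.
# Assumption: user RID = uidNumber * 2 + base, base = 1000 (Samba default).

audit_rids() {
    # $1 = algorithmic rid base (default 1000); LDIF is read from stdin.
    # Limitation: folded LDIF lines and base64 "dn::" values are not decoded.
    awk -v base="${1:-1000}" '
        function check(   n, rid, want) {
            if (dn != "" && uid != "" && sid != "") {
                n = split(sid, parts, "-")
                rid = parts[n] + 0          # RID is the last SID component
                want = uid * 2 + base
                if (rid != want)
                    printf "MISMATCH %s rid=%d expected=%d\n", dn, rid, want
                if (rid in seen)
                    printf "DUPLICATE %s rid=%d also=%s\n", dn, rid, seen[rid]
                else
                    seen[rid] = dn
            }
            dn = ""; uid = ""; sid = ""
        }
        /^dn: /        { dn  = substr($0, 5) }
        /^uidNumber: / { uid = $2 }
        /^sambaSID: /  { sid = $2 }
        /^[ \t]*$/     { check() }          # blank line ends an LDIF entry
        END            { check() }
    '
}

# Constructed sample: alice is algorithmic, bob was given a RID by hand,
# and carol's correct algorithmic RID collides with bob's.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
uidNumber: 1001
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002

dn: uid=bob,ou=People,dc=example,dc=org
uidNumber: 1002
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-5000

dn: uid=carol,ou=People,dc=example,dc=org
uidNumber: 2000
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-5000
EOF
}

sample_ldif | audit_rids 1000
```

The carol entry shows the failure described above: her RID is the correct algorithmic one, yet it is unusable because a hand-picked RID already occupies it.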
