[Samba] "Well-known Windows RIDs" vs. UIDs/GIDs

David B Harris dbharris at eelf.ddts.net
Tue Nov 22 02:32:50 GMT 2005

Hey all,

I'm looking to merge multiple NT4 domains into a single infrastructure
based on Samba3 and OpenLDAP on Linux of the Debian Sarge flavour (and,
Bob willing, Samba4 before long).

In order to allow some resources to be shared from a single Linux
instance, I'm rather hoping that I can put every domain's information
into a single LDAP DIT. The Samba PDCs will use only portions of the
DIT, in order to give the appearance (to users) of multiple domains.
It'll also hopefully allow some degree of privilege delegation.

*nix boxes would use the entire tree to resolve every UID/GID (though
logins would only be allowed based on some attribute values).

Everything would be fine, except I'm a bit worried about the Well-known
Windows RIDs (512, 513, 514, 550, 551, 552). Obviously the RID must be
those particular numbers, but do the gidNumbers need to match? (Is this
required even generally, that gid/uidNumbers match the RID?)

Note that winbind isn't involved. I haven't found anything in the
documentation, which, while I've read through it entirely, I haven't
read from front to back, so my memory may be failing me. Documentation
pointers very welcome.


     Arguing with an engineer is like wrestling with a pig in mud.
	   After a while, you realise the pig is enjoying it.

		   OpenPGP v4 key ID: 4096R/59DDCB9F
    Fingerprint: CC53 F124 35C0 7BC2 58FE  7A3C 157D DFD9 59DD CB9F
		     Retrieve from subkeys.pgp.net
