[Samba] what samba file do I need to change when manually changing
gid in /etc/group file?
Urs Rau
urs.rau at uk.om.org
Mon May 29 11:46:58 GMT 2006
Sorry for appearing to answer my own post. I just thought I might not
have given enough detail.
Urs Rau wrote:
> I have a need to renumber some of my /etc/group numbers from below 100
> to a value that is above 500. (e.g 88 -> 535, 91 -> 632, etc etc, about
> 9 changes in total)
>
> If I had to do this in an earlier version of samba then I think the
> correct files I would have to keep in sync would be /etc/group and
> /etc/samba/smbpasswd, simply changing the gid from the value below 100
> to it's new value above 500. And then of course run a script that does
> those changes for all directories and files owned by that old low
> numbered group against the filesystem.
>
> But now that I am using samba samba-3.0.14a-2 it looks as if this
> version no longer stores the gid in the /etc/samba/smbpasswd file, as this file is
> now empty. Does samba now build the group sid dynamically from the
> values in /etc/group, or do I have to tell samba somehow, somewhere that
> the gid value for the low numbered gid is now such and such higher
> numbered value?
Maybe the answer depends on how I am running samba on this machine? Well
it is a PDC of a domain with name 'WORKGROUP'. Here are hopefully the
relevant lines from the testparm output.
# Global parameters
[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = WORKGROUP
realm =
netbios name = LINUX
netbios aliases =
netbios scope =
server string = ""
interfaces = 10.37.1.200/24, 10.37.2.200/24, lo
bind interfaces only = Yes
security = USER
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
hosts equiv =
min password length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /etc/samba/smbpasswd
private dir = /etc/samba
passdb backend = tdbsam
algorithmic rid base = 1000
root directory =
guest account = nobody
enable privileges = Yes
pam password change = No
passwd program = /usr/local/sbin/sysadm-samba.pl --changepw=%u
passwd chat = *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
check password script =
username map =
password level = 0
username level = 0
unix password sync = Yes
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
preload modules =
use kerberos keytab = No
log level = 1
syslog = 1
syslog only = No
log file =
max log size = 5000
debug timestamp = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
smb ports = 139 445
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = No
write raw = Yes
disable netbios = No
acl compatibility =
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts hosts wins bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = Yes
unix extensions = Yes
use spnego = Yes
client signing = auto
server signing = No
client use spnego = Yes
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
kernel change notify = Yes
lpq cache time = 60
max smbd processes = 0
paranoid server security = Yes
max disk size = 0
max open files = 10000
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192
SO_SNDBUF=8192
use mmap = Yes
hostname lookups = No
name cache timeout = 660
load printers = Yes
printcap cache time = 0
printcap name = cups
cups server =
disable spoolss = No
enumports command = /usr/local/bin/samba_enumports.sh
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
mangling method = hash2
mangle prefix = 1
stat cache = Yes
machine password timeout = 604800
add user script =
delete user script =
add group script =
delete group script =
add user to group script =
delete user from group script =
set primary group script =
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
/dev/null -s /bin/false %u
shutdown script =
abort shutdown script =
logon script = logon.bat
logon path = \\%L\profiles\%U
logon drive = h:
logon home = \\%L\%U\.profile
domain logons = Yes
os level = 255
lm announce = Auto
lm interval = 60
preferred master = Yes
local master = Yes
domain master = Yes
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = Yes
wins hook =
wins partners =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
ldap admin dn =
ldap delete dn = No
ldap filter = (uid=%u)
ldap group suffix =
ldap idmap suffix =
ldap machine suffix =
ldap passwd sync = no
ldap replication sleep = 1000
ldap suffix =
ldap ssl =
ldap timeout = 15
ldap user suffix =
add share command =
change share command =
delete share command =
config file =
preload =
lock directory = /var/cache/samba
pid directory = /var/run
utmp directory =
wtmp directory =
utmp = No
default service =
message command = bash -c 'cat %s | logger -t %f' &
dfree command =
get quota command =
set quota command =
remote announce = 10.37.2.255/24
remote browse sync = 10.37.2.240
socket address = 10.37.1.200 10.37.2.200 127.0.0.1
homedir map = auto.home
afs username map =
afs token lifetime = 604800
log nt token command =
time offset = 0
NIS homedir = No
panic action =
host msdfs = No
enable rid algorithm = Yes
idmap backend =
idmap uid =
idmap gid =
template primary group = nobody
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enable local accounts = No
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = No
comment =
path =
username =
invalid users =
valid users =
admin users = root, sysadmin, Administrator, admin
read list =
write list =
printer admin = @dom_admin, @app_admin, root, sysadmin, Administrator,
admin
force user =
force group =
read only = No
create mask = 0744
force create mode = 0660
security mask = 0777
force security mode = 00
directory mask = 02770
force directory mode = 02000
directory security mask = 0777
force directory security mode = 00
force unknown acl user = No
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
allocation roundup size = 1048576
ea support = No
nt acl support = Yes
profile acls = No
map acl inherit = Yes
afs share = No
block size = 1024
max connections = 0
min print space = 2048
strict allocate = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
max reported print jobs = 0
max print jobs = 1000
printable = No
printing = cups
cups options = "raw"
print command =
lpq command = %p
lprm command =
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
force printername = No
default case = lower
case sensitive = Auto
preserve case = Yes
short preserve case = Yes
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
veto files = lost+found/proc/dev
hide files =
veto oplock files =
/*.mdb/*.MDB/*.dbf/*.DBF/*.eml/*.nws/*.EML/*.NWS/*.{*}/*.doc/*.DOC/*.xls/*.XLS/*.ldb/*.LDB/*.ppt/*.PPT/*.pub/*.PUB/*.pst/*.PST/*.pmm/*.PMM/*.pmi/*.PMI/*.cnm/*.CNM
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
store dos attributes = No
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Yes
share modes = Yes
copy =
include =
preexec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = Yes
dos filetime resolution = Yes
fake directory create times = No
vfs objects =
msdfs root = No
msdfs proxy =
Thanks for any help in how I tell samba about the linux gid numbers.
Regards,
--
Urs Rau
More information about the samba
mailing list