[Samba] pdbedit and root SID/RID

Mauricio Silveira msilveira at linuxbr.com
Sun Apr 15 18:19:22 GMT 2007


I've been reading every documentation available for creating smb domain 
groups and users, mapping domain groups and users... still learning...

Every document I read states that root should be modified to RID 500, by 
running ' pdbedit -U `net getlocalsid | cut -d ":" -f2 | tr -d ' '`-500 
-u root -r', but I always get root to RID 1000 and its  domain group RID 
513 (Domain Users). I tried changing 'algorithmic rid base' to 500, but 
it complains about this number, that is should be at least 1000:
root at msgw:[~]# pdbedit -U `net getlocalsid | cut -d ":" -f2 | tr -d ' 
'`-500 -u root -r
'algorithmic rid base' must be equal to or above 1000

Tried in smb.conf (trying to exclude 1000 from my way!):
idmap uid = 500-900
idmap backend = rid:"BUILTIN=500-900,DOMNAME=2000-100000000"

If I try to remove root, and add again with RID 1010, it still gets RID 
1000 and group RID 513...

Just to make it clear, I'm using Slackware 11.0, samba version is the 
distro's stock installation, v 3.0.23c. Not using LDAP backend, just the 
old smbpasswd.

Tried changing all users sid with base uid 500 and changed login.defs 
with MIN_UID to 500 (Slackware defaults to 1000), tried cleaning 

I wonder if this is something on compile time, something that has 
changed with samba versions greater than 3.0.11...

NOTE: Interesting, while writing this mail I tricked with pdbedit and 
userids(vipw)... look at this:
pdbedit -U <MACHINE_SID>-1001 -u root -a
new password:
retype new password:
build_sam_pass: Failing attempt to store user with non-uid based user RID.
Unable to add user! (does it already exist?)

uid 1001 doesn't exist, neither 1000! If I run with RID 1000 it works. 
It shouldn't!!!??

Any hints, tricks? HELP! :)


More information about the samba mailing list