[Samba] pdbedit and root SID/RID
msilveira at linuxbr.com
Sun Apr 15 18:19:22 GMT 2007
I've been reading every documentation available for creating smb domain
groups and users, mapping domain groups and users... still learning...
Every document I read states that root should be modified to RID 500, by
running ' pdbedit -U `net getlocalsid | cut -d ":" -f2 | tr -d ' '`-500
-u root -r', but I always get root to RID 1000 and its domain group RID
513 (Domain Users). I tried changing 'algorithmic rid base' to 500, but
it complains about this number, that is should be at least 1000:
root at msgw:[~]# pdbedit -U `net getlocalsid | cut -d ":" -f2 | tr -d '
'`-500 -u root -r
'algorithmic rid base' must be equal to or above 1000
Tried in smb.conf (trying to exclude 1000 from my way!):
idmap uid = 500-900
idmap backend = rid:"BUILTIN=500-900,DOMNAME=2000-100000000"
If I try to remove root, and add again with RID 1010, it still gets RID
1000 and group RID 513...
Just to make it clear, I'm using Slackware 11.0, samba version is the
distro's stock installation, v 3.0.23c. Not using LDAP backend, just the
Tried changing all users sid with base uid 500 and changed login.defs
with MIN_UID to 500 (Slackware defaults to 1000), tried cleaning
I wonder if this is something on compile time, something that has
changed with samba versions greater than 3.0.11...
NOTE: Interesting, while writing this mail I tricked with pdbedit and
userids(vipw)... look at this:
pdbedit -U <MACHINE_SID>-1001 -u root -a
retype new password:
build_sam_pass: Failing attempt to store user with non-uid based user RID.
Unable to add user! (does it already exist?)
uid 1001 doesn't exist, neither 1000! If I run with RID 1000 it works.
Any hints, tricks? HELP! :)
More information about the samba