[Samba] Sharing Accounts between Servers and SIDs

Peter Daum gator_ml at yahoo.de
Fri Jul 20 18:55:19 GMT 2007


I maintain a heterogeneous network with a shared LDAP account database.
The user accounts have globally unique user names, UIDs and RIDs.
Some, but not all accounts are valid on all machines, but there is no
need for samba to care about this, because there simply won't be a
unix account for invalid users. There are no MS servers involved, and
because every samba server has the same user account base and does its
own authentication, there is no need for winbind.

The samba servers currently still use the old samba2-compatible
ldapsam_compat passdb backend which I eventually want to migrate to the
current sambaSamAccount. While most attributes just changed their names,
which shouldn't make much difference, I am a little uncertain
how to handle the new sambaSID attribute without breaking my setup:

Would it work to just put a dummy domain with SID "S-1-0-0" in the
directory and use this as a prefix for all the user SIDs?
Currently, every server has its own SID (which is created by Samba,
so far there was no reason to worry about this), but with the new
LDAP schema, I am afraid that Samba might not accept such an account
as a valid local account ...

Any recommendations?

Regards,
                    Peter Daum


