[Samba] Re: Change user IDs on Samba PDC
simo
idra at samba.org
Mon Mar 5 23:35:09 GMT 2007
On Mon, 2007-03-05 at 23:26 +0100, Marco De Vitis wrote:
> On 05/03/2007 14:23, Felipe Augusto van de Wiel wrote:
>
> > That's a little bit of a "hard guess". Windows can be an
> > wild environment, and profiles can be even wilder. :-)
>
> I know, I know ;).
>
> >> PS: actually, I suppose I could simple delete both Linux and Samba users
> >> and create them again, as long as I know their passwords or inform the
> >> "human" users that they have to enter a new password... but what happens
> >> to their roaming profiles? Are they completely lost? Can't I reuse them
> >> by just changing file ownerships?
> >
> > There is a great chance that with new sid the workstation
> > will create a new profile, isn't anything in the Samba Official
> > HOWTO (Desktop Profile Management Chapter) about this?
>
> No, as far as I can tell this situation is not covered there; it talks
> about migrating profiles from a NT PDC, which is somehow different, and
> I'm missing the pieces to link it all together.
You are missing the fact it is the same thing :-)
> Anyway I see mention of a "profiles" Samba tool which might be useful:
> it changes all occurrences of a SID in a NT registry file. But I
> strongly fear it could break something; it also only appears to support
> NT, which probably means you're in for a headache if you use it on XP
> profiles.
profiles are the same on all machines the registry format has not change
afaik.
> Anyway, I could avoid touching the SID, if I can make the Samba users
> keep their SIDs while changing their Linux UIDs.
> This is the first piece I'm missing: what is the link between Samba
> users and Linux UIDs? What happens if I only change the UIDs? Can't I
> just change some references to them in the Samba database?
>
> PS: uhm, I now also noticed that the pdbedit command has -G and -U
> arguments which should be able to change the user/group SID for a
> user... If the only problem is the new SID, then maybe I could simply
> set it like the old one this way.
Why can't you just keep your original tdbsam/ldap database of users,
alogn with your PDC name and the secrets.tdb file ?
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba
mailing list