[Samba] Re: Change user IDs on Samba PDC

simo idra at samba.org
Mon Mar 5 23:35:09 GMT 2007 

On Mon, 2007-03-05 at 23:26 +0100, Marco De Vitis wrote:
> On 05/03/2007 14:23, Felipe Augusto van de Wiel wrote:
> 
> > 	That's a little bit of a "hard guess". Windows can be an
> > wild environment, and profiles can be even wilder. :-)
> 
> I know, I know ;).
> 
> >> PS: actually, I suppose I could simple delete both Linux and Samba users
> >> and create them again, as long as I know their passwords or inform the
> >> "human" users that they have to enter a new password... but what happens
> >> to their roaming profiles? Are they completely lost? Can't I reuse them
> >> by just changing file ownerships?
> > 
> > 	There is a great chance that with new sid the workstation
> > will create a new profile, isn't anything in the Samba Official
> > HOWTO (Desktop Profile Management Chapter) about this?
> 
> No, as far as I can tell this situation is not covered there; it talks 
> about migrating profiles from a NT PDC, which is somehow different, and 
> I'm missing the pieces to link it all together.

You are missing the fact it is the same thing :-)

> Anyway I see mention of a "profiles" Samba tool which might be useful: 
> it changes all occurrences of a SID in a NT registry file. But I 
> strongly fear it could break something; it also only appears to support 
> NT, which probably means you're in for a headache if you use it on XP 
> profiles.

profiles are the same on all machines the registry format has not change
afaik.

> Anyway, I could avoid touching the SID, if I can make the Samba users 
> keep their SIDs while changing their Linux UIDs.
> This is the first piece I'm missing: what is the link between Samba 
> users and Linux UIDs? What happens if I only change the UIDs? Can't I 
> just change some references to them in the Samba database?
> 
> PS: uhm, I now also noticed that the pdbedit command has -G and -U 
> arguments which should be able to change the user/group SID for a 
> user... If the only problem is the new SID, then maybe I could simply 
> set it like the old one this way.

Why can't you just keep your original tdbsam/ldap database  of users,
alogn with your PDC name and the secrets.tdb file ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org

More information about the samba mailing list