[Samba] samba problems. accounts expire after a hour, but work after reset

Edmundo Valle Neto edmundo.valle at terra.com.br
Wed Mar 7 21:19:49 GMT 2007


Collen Blijenberg escreveu:
> Sorry, forgot something,
>
> indeed there was a mixup with the migrating, old posix uid were 
> differed than the once we use now.
> a changed the auto_increment value of the user.uid table from mysql.
> i took the highest sid (5620) subbed 1000 and /2 and used that for 
> auto_increment value..
>
> so now my new user accounts are in sync with samba RID's again.
>
> all i'm interested in now is the once i already have and use...
> i have a heap of accounts that have a posix uid, that doesn't fit the 
> rules Edmundo explained (1000 + (2*uid))
> it looks like all works fine, but i would like to take the advise of 
> the experts...
>
> is the rule only active when creating new accounts, or does samba use 
> that rule also with in
> daily basic things ? (like logging in, or accessing shares ??)
>
> does it harm to have a posix uid 1050 and a SID ending with -1299  ?????
>
> Cheers Collen
>
> ...
[cut]

That I know, this algorithmic mapping is made to prevent clashes and 
prevent the use of well know RIDs by Windows domains. I don't know all 
the situations that the algorithmic mapping will be used in addiction of 
the creation of new accounts or to resolve unmapped accounts. (Someone 
correct me if Im wrong).

But I would guess that if your accounts are being resolved (SID<->GID 
and SID<->UID) (and if I remember right those mappings are made inside 
the base used and/or inside groupmap_idmap.tdb, when you are not using 
winbind) you will not have any problems beyond those related with 
permissions by lost/changed ids after used (IF that happened).

Regards.

Edmundo Valle Neto


More information about the samba mailing list