[Samba] Active directory and winbind RID/SID to uid and gid maping across several linux servers

Reece Dike samba at erd3.com
Tue Mar 10 18:24:00 GMT 2009

We are using a windows server 2003 active directory as our single sign
on server.  I have been able to get our RHEL4U6 servers to authenticate
with active directory.

My concern is that the RID mapping to unix uid/gid range (15000-20000)
is stored locally on each machine in a tdb database.  So far all of the
servers have produced the same mapping, but I do not think it is
guarantied. I think the fact that I do a wbinfo -u and wbinfo -g as part
of the setup and there have been no users/groups added to active
directory has made the mappings the same.  I know that the uid/gid are
not being store in active directory(I did a 'dsquery * -scope base
-attrib *' on my id in active directory).  Is there any way to guaranty
the RID to uid/gid mapping across several servers?

Reece Dike

Here is my smb.conf
   workgroup = MYDOMAIN
   server string = Samba Server Version %v
   security = ADS
   password server =
   realm = MYDOMAIN.COM
   passdb backend = tdbsam
   load printers = yes
   cups options = raw
   template shell = /bin/false
   server signing = autos
   idmap uid = 15000-20000
   idmap gid = 15000-20000
   winbind enum groups = yes
   winbind enum users = yes
   winbind separator = +
   winbind use default domain = no
   template homedir = /homes/%D/%U
   template shell = /bin/bash

        comment = Home Directories
        browseable = no
        writable = yes

        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

comment = Backups and Stuff
path = /usbdrive
valid users = +"MYDOMAIN+Domain Users"
read only = no

More information about the samba mailing list