[Samba] gidNumber's and ldap backed samba PDC
Adam Tauno Williams
awilliam at whitemice.org
Tue Mar 24 17:37:45 GMT 2009
On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote:
> In the planning process for migrating from NT4 PDC, and external ldap
> directory to samba 3.2.8 PDC. The external existing openldap directory is
> used currently to support the local uid mapping for the Linux logins and
> samba file servers that are members of the current NT4 PDC.
> While looking at the existing openldap UIDs and GIDs in use and what the
> samba PDC wants to use I see some uid/gid collisions. For example I see
> that the Domain Admins uses gid 512, just so happens to be the same as a
> file system group(in the ldap directory).
No, it doesn't. RID != GID. A RID is a component of the SID and SIDs
are mapped to UIDs & GIDs.
> Is it better to change the users group gid and leave the samba domain admins
> and such the way they are?
> I suspect a small shell script can crawl the file system and replace one gid
> for another if I were to change the users GID.
More information about the samba