[Samba] gidNumber's and ldap backed samba PDC

Adam Tauno Williams awilliam at whitemice.org
Tue Mar 24 17:37:45 GMT 2009

On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote:
> In the planning process for migrating from NT4 PDC, and external ldap
> directory to samba 3.2.8 PDC. The external existing openldap directory is
> used currently to support the local uid mapping for the Linux logins and
> samba file servers that are members of the current NT4 PDC.
> While looking at the existing openldap UIDs and GIDs in use and what the
> samba PDC wants to use I see some uid/gid collisions.  For example I see
> that the Domain Admins uses gid 512, just so happens to be the same as a
> file system group (in the ldap directory).

No, it doesn't.  RID != GID.  A RID is a component of the SID and SIDs
are mapped to UIDs & GIDs.

> Is it better to change the users group gid and leave the samba domain admins
> and such the way they are? 

Not necessary.

> I suspect a small shell script can crawl the file system and replace one gid
> for another if I were to change the users GID.
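
The RID/GID distinction from the reply above, as an added example that is not part of the original thread: it reads group entries from LDIF, takes the RID from the last component of `sambaSID`, and separates real `gidNumber` collisions from the harmless case where a RID equals some other group's gidNumber. The DNs, the SID value and gidNumber 20512 are constructed sample values.

```python
from collections import defaultdict

# Constructed sample LDIF (not from the original post): a plain posixGroup
# with gidNumber 512 and a Samba-mapped group whose SID ends in RID 512.
SAMPLE_LDIF = """\
dn: cn=projects,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: projects
gidNumber: 512

dn: cn=Domain Admins,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Admins
gidNumber: 20512
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512
"""

def parse_groups(ldif):
    """Return one dict per entry: cn, gid (int), rid (int or None)."""
    groups = []
    for block in ldif.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs[key].append(value)
        sid = attrs.get("sambaSID", [None])[0]
        rid = int(sid.rsplit("-", 1)[1]) if sid else None  # RID = last SID component
        groups.append({"cn": attrs["cn"][0], "gid": int(attrs["gidNumber"][0]), "rid": rid})
    return groups

def gid_collisions(groups):
    """Map gidNumber -> names, only for gidNumbers used by more than one entry."""
    by_gid = defaultdict(list)
    for g in groups:
        by_gid[g["gid"]].append(g["cn"])
    return {gid: names for gid, names in by_gid.items() if len(names) > 1}

def rid_equals_other_gid(groups):
    """Pairs where a Samba group's RID matches another entry's gidNumber (harmless)."""
    return [(s["cn"], o["cn"]) for s in groups if s["rid"] is not None
            for o in groups if o is not s and o["gid"] == s["rid"]]

if __name__ == "__main__":
    groups = parse_groups(SAMPLE_LDIF)
    print("gidNumber collisions:", gid_collisions(groups))
    print("RID equal to another group's gidNumber:", rid_equals_other_gid(groups))
```

Only an entry in the first report means two groups share a Unix GID; the second report lists numeric coincidences between a RID and a gidNumber.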
