[Samba] gidNumber's and ldap backed samba PDC
dwerthmu at ctg.albany.edu
Tue Mar 24 18:31:54 GMT 2009
Ok I see it appears that the ldap entries that samba needs in the directory
are under a different O. ou=groups,o=smb,dc=unav,dc=es for example.
dn: cn=Domain Admins,ou=groups,o=smb,dc=unav,dc=es
cn: Domain Admins
Where my user/file system groups would be under traditional ldap entries
creatorsName: cn=Manager, dc=ct,dc=unav,dc=es
From: samba-bounces+dwerthmu=ctg.albany.edu at lists.samba.org
[mailto:samba-bounces+dwerthmu=ctg.albany.edu at lists.samba.org] On Behalf Of
Adam Tauno Williams
Sent: Tuesday, March 24, 2009 1:38 PM
To: 'samba at lists.samba.org'
Subject: Re: [Samba] gidNumber's and ldap backed samba PDC
On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote:
> In the planning process for migrating from NT4 PDC, and external ldap
> directory to samba 3.2.8 PDC. The external existing openldap directory
> is used currently to support the local uid mapping for the Linux
> logins and samba file servers that are members of the current NT4 PDC.
> While looking at the existing openldap UIDs and GIDs in use and what
> the samba PDC wants to use I see some uid/gid collisions. For example
> I see that the Domain Admins uses gid 512, just so happens to be the
> same as a file system group(in the ldap directory).
No, it doesn't. RID != GID. A RID is a component of the SID and SIDs are
mapped to UIDs & GIDs.
> Is it better to change the users group gid and leave the samba domain
> admins and such the way they are?
> I suspect a small shell script can crawl the file system and replace
> one gid for another if I were to change the users GID.
To unsubscribe from this list go to the following URL and read the
More information about the samba