[Samba] gidNumber's and ldap backed samba PDC

LiPi - lipixx at gmail.com
Tue Mar 24 18:31:55 GMT 2009


Although RID != GID, mappings between Samba RIDs and groups must be
there if you want the server to act as a PDC. If there are some GIDs
mapped to e.g. RID 512, and these GIDs are used by another group, then
there will be a conflict.

I had this problem one week ago, when I was trying to give permissions
to a folder. So, choose N GIDs to map to Samba RIDs or change the
group GID of these conflicting groups. Also be careful with UIDs.

2009/3/24 Adam Tauno Williams <awilliam at whitemice.org>:
> On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote:
>> In the planning process for migrating from NT4 PDC, and external ldap
>> directory to samba 3.2.8 PDC. The external existing openldap directory is
>> used currently to support the local uid mapping for the Linux logins and
>> samba file servers that are members of the current NT4 PDC.
>> While looking at the existing openldap UIDs and GIDs in use and what the
>> samba PDC wants to use I see some uid/gid collisions.  For example I see
>> that the Domain Admins uses gid 512, just so happens to be the same as a
>> file system group (in the ldap directory).
>
> No, it doesn't.  RID != GID.  A RID is a component of the SID and SIDs
> are mapped to UIDs & GIDs.
>
>> Is it better to change the users group gid and leave the samba domain admins
>> and such the way they are?
>
> Not necessary.
>
>> I suspect a small shell script can crawl the file system and replace one gid
>> for another if I were to change the users GID.
>


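An added example, not part of the thread: one way to audit an existing directory export for the overlap discussed above, listing each group's gidNumber next to the RID taken from its sambaSID and flagging any gidNumber used by more than one entry. The LDIF, the example.org names and the SID are constructed, and the sketch assumes unfolded, non-base64 LDIF lines.

```python
from collections import defaultdict

# Constructed sample LDIF (not from the thread): a Samba group mapping and a
# plain file system group that share gidNumber 512, plus one clean mapping.
SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512

dn: cn=projects,ou=Groups,dc=example,dc=org
objectClass: posixGroup
gidNumber: 512

dn: cn=Domain Users,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 10513
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-513
"""

def parse_groups(ldif):
    """Return one dict per group entry: dn, gid (int), rid (int or None)."""
    groups = []
    for block in ldif.strip().split("\n\n"):
        # Only single-valued attributes are needed, so a plain dict is enough.
        attrs = dict(line.split(": ", 1) for line in block.splitlines()
                     if ": " in line and not line.startswith("#"))
        if "gidNumber" not in attrs:
            continue
        sid = attrs.get("sambaSID")
        # The RID is the last dash-separated component of the SID.
        rid = int(sid.rsplit("-", 1)[1]) if sid else None
        groups.append({"dn": attrs["dn"], "gid": int(attrs["gidNumber"]), "rid": rid})
    return groups

def gid_collisions(groups):
    """Map each gidNumber used by more than one entry to the DNs using it."""
    by_gid = defaultdict(list)
    for g in groups:
        by_gid[g["gid"]].append(g["dn"])
    return {gid: dns for gid, dns in by_gid.items() if len(dns) > 1}

if __name__ == "__main__":
    groups = parse_groups(SAMPLE_LDIF)
    for g in groups:
        print(g["gid"], g["rid"], g["dn"])
    for gid, dns in gid_collisions(groups).items():
        print("gidNumber", gid, "shared by:", "; ".join(dns))
```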