[Samba] Re: problem with sambaNextRid (WAS: updating samba/ldap: do I need new attributes?)

Thierry Lacoste lacoste at miage.univ-paris12.fr
Wed Mar 25 14:14:52 GMT 2009

I was talking about SID calculation for machine accounts upon domain joining.
What is the relation that you have between SID and UID for a given machine?
Can you handcraft this relation?

Quoting Adam Williams <awilliam at mdah.state.ms.us>:

> Oh, i calculate the RID by hand and add it with net groupmap add
> rid=xxxx ntgroup="what ever" unixgroup=whatever type=d
> and i think your math is wrong, it is group # * 2 + 1001.
> to get a UID's RID, it is uid * 2 + 1000.
> Thierry Lacoste wrote:
>> Sorry if I missed your point but I have no problems with UIDs and GIDs.
>> The smbldap-tools keep the next available ones in the attributes
>> uidNumber and gidNumber of the sambaDomainName LDAP entry.
>> The problem is that samba's RID calculation changed somewhere between
>> 3.0.22 and 3.0.34.
>> What should I do to upgrade as easily as possible from 3.0.22
>> (where RID=1000+2*UID) to 3.0.34 (where the next available RID
>> is kept in the sambaNextRid attribute of the sambaDomainName LDAP entry)?
>> If I don't deel with this change I will have SID clashes.
>> Or did you mean that you assign SIDs by hand with ldif files?
>> Regards,
>> Thierry

More information about the samba mailing list