[Samba] idmapping changes from 3.0.10 to 3.4.2.

Robert LeBlanc robert at leblancnet.us
Mon Nov 2 17:14:40 MST 2009


On Mon, Nov 2, 2009 at 6:06 PM, Wayne Rasmussen <waynemonarch at gmail.com> wrote:

> Backendwise, it has to be local, we don't have any write permission to AD
> or LDAP.
>
> If I do: wbinfo -n knixon, I get the ssid back.  Taking it to the next
> level with:
> wbinfo -S `wbinfo -n knixon`  gets me:
> Could not convert sid S-1-5-21-1606980848-1644491937-839522115-152478 to uid
> So it looks like we are getting what we need from AD and that I just have
> some kind of issue with the smb.conf configuration.
>
Just FYI, hash and rid do not write anything to AD. In fact, I don't think
either writes anything anywhere; they are generated on the fly. Hash takes
the 31-bit uid/gid and for the higher end bits, hashes the domain, on the
lower end of the bits, it hashes the user/group part of the SID to make the
UID/GID. In RID, it takes a portion of the user/group SID and adds it to the
low end of the range, up to the max end that you specify. That is very high
level, but the gist of it. I personally like the hash as I don't have to
make sure my ranges are the same across boxes (or that my max is high
enough) and it works well with trusted domains, a downfall of rid. I do
think you need a backend of some sort though. I haven't tried without it,
but it really seems to be needed.


Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University
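
The rid scheme described in the reply above, as an added example that is not part of the original message and is not Samba's code. It assumes the formula documented for idmap_rid (ID = RID - BASE_RID + low end of the range); the function names, the ranges and the second domain SID are constructed for illustration and are not taken from anyone's smb.conf.

```python
# Added illustration of the rid scheme; not Samba source code.
# Assumption: ID = RID - BASE_RID + low end of range, as documented for idmap_rid.
from typing import Optional, Tuple


def split_sid(sid: str) -> Tuple[str, int]:
    """Split a SID string into (domain SID, RID); the RID is the last field."""
    parts = sid.strip().split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID string: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def rid_to_unix_id(sid: str, low: int, high: int, base_rid: int = 0) -> Optional[int]:
    """Return the uid/gid for a SID, or None when it falls outside the range."""
    _, rid = split_sid(sid)
    unix_id = rid - base_rid + low
    if rid < base_rid or unix_id > high:
        return None  # nothing is stored, so an undersized range means no mapping
    return unix_id


def unix_id_to_sid(unix_id: int, domain_sid: str, low: int, high: int,
                   base_rid: int = 0) -> Optional[str]:
    """Reverse mapping: rebuild the SID from a uid/gid inside the range."""
    if not low <= unix_id <= high:
        return None
    return f"{domain_sid}-{unix_id - low + base_rid}"


if __name__ == "__main__":
    sid = "S-1-5-21-1606980848-1644491937-839522115-152478"  # SID quoted in the thread
    other = "S-1-5-21-1111111111-2222222222-3333333333-152478"  # constructed trusted-domain SID
    # Constructed ranges (low, high); none of them is taken from the thread.
    for low, high in [(10000, 99999), (10000, 999999), (20000, 999999)]:
        print(f"range {low}-{high}: {rid_to_unix_id(sid, low, high)}")
    # Same RID in a different domain collides when both share one range.
    print(rid_to_unix_id(sid, 10000, 999999) == rid_to_unix_id(other, 10000, 999999))
```

The second and third ranges give different UIDs for the same account, which is why rid ranges have to match on every box that shares files or ownership data.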

