[Samba] Some direction of Samba4 Sid to Uid/Gid ?

Wei-Tsun Sun wsun013 at gmail.com
Sun Jan 16 18:32:57 MST 2011

On 17/01/2011 12:31 p.m., Andrew Bartlett wrote:
> On Sat, 2011-01-15 at 14:22 +1300, Wei-Tsun Sun wrote:
>> On 15/01/2011 1:50 p.m., Taylor, Jonn wrote:
>>> On 01/14/2011 02:04 PM, Wei-Tsun Sun wrote:
>>>> Did a git-pull and built samba4, up and running with winbind.
>>>> I have a file server, which will be access by windows. Say I have a
>>>> user named "abcde" (uid = 1000), under group "abcde) (gid = 1000).
>>>> When I created a user with samba-too (samba-tool newuser abcde xxxxx),
>>>> it creates an account "abcde" with mapped uid 300018 under group user
>>>> users.
>>>> I am really wondering if there is anyway to make the "abcde" created
>>>> under samba to link with the "abcde" in my local linux.
>>>> I have :
>>>>       idmap config SAMDOM: default = yes
>>>>       idmap config SAMDOM: backend = tdb
>>>>       idmap config SAMDOM: range = 1000-20000
>>>> in my smb.conf
>>>> But it seems the uid goes anywhere not near 1000.
>>>> Cheers.
>>> Have a look at http://wiki.samba.org/index.php/Samba4/Winbind
>>> Jonn
>> I did, that is why I am bringing this up. In the "Testing" section:
>> #id Administrator
>> uid=0(root) gid=100(users) groupes=0(root),100(users),3000004(Group
>> Policy Creator Owners),3000008(Domain Admins)
>> ID Administrator is not duplicated with the user name in the system.
>> However, "abcde", which is already in my system with uid 1000, and the
>> one created by the samba-tool is with uid 300018.
>> When I
>> $id abcde
>> , I get abcde from the system but not from the samba4. Furthermore,
>> files created via samba by the uid 300018 is not deletable by user uid 1000.
> Correct.  Samba4 uses it's own uid and gid space, and manages all
> aspects of the user.  You could edit the idmap.ldb I suppose.
> Eventually we will get this back into the directory to make this easier
> to administer.
> Andrew Bartlett

Thank you very much Andrew, this really gives me an idea how to do it:

 From Samba4 HowTo, the last part of Step 1: Adding user into Samba 4 
Active Directory :

Since uid/gid spaces are different from the local system and samba, 
therefore one can change the
samba user's uid/gid to the local system's ones, without conflicting 
(that I suppose).

uid and gid are stored in idmap.ldb (thanks Andrew!) and can be edited 
by using ldbedit.

So the steps are as follows, based on user name "abcde" with gid = 1000 
and uid = 1000 on the local system:
1. If the user does not exist in samba4, create it :
samba-tool newuser abcde

2. SID of abcde can be found from
wbinfo -n abcde

(say it turns S-1-5-21-3374259721-1964127243-1665914219-1106 SID_USER (1) )

3. Edit the UID with the SID we just got
ldbedit -e emacs -H path_to_/idmap.ldb 

Change the xidNumber to 1000

4. Each "normal" users belongs at least two groups, one is user itself 
and another one is "user", to find the "user" group, one can:
wbinfo --user-sids=S-1-5-21-3374259721-1964127243-1665914219-1106

It will gets

And the S-1-5-21-3374259721-1964127243-1665914219-513 is the identifier 
of the "user" group.

5. Use ldbedit to do the trick again
ldbedit -e emacs -H path_to_/idmap.ldb 

Change xidNumber to 1000 as well

6. Then restart the samba4 service. Done!


Wei-Tsun Sun

More information about the samba mailing list