[Samba] samba4: samba-tool and (unix) uids

Gémes Géza geza at kzsdabas.hu
Mon Sep 24 23:13:29 MDT 2012

2012-09-24 22:52 keltezéssel, Thomas Karmann írta:
> Hello,
> at my universities CS computer pools we're trying to migrate our
> samba3 based NT domain to AD with samba4-rc1.
> In the past we had a little script which our users could run on their
> own from their linux account which created a samba user with
> their own uid/gid and set their password (via smbpasswd).
> We're trying to recreate this behaviour with "samba-tool user create" but we couldn't
> find a parameter to set the mapping SID <-> uid.
> Without the correct mapping we can't get the users profile/home permissions right.
> Will we have to manually correct the private/idmap.ldb each time we
> add a user or are we missing something? Is it save to edit the idmap on
> the fly?
> With kind regards,
> Thomas

If you migrate via samba-tool classicupgrade it takes care of migrating 
existing uids gids shells and homedirectories to samba4. At the same 
time it sets idmap_ldb:use rfc2307 = yes in the global section of Samba4 
smb.conf. That means, that Samba4 winbind retrieves uids, gids from the 
Because of that you don't need to fiddle with idmap.ldb. So until 
samba-tool gets support for manipulating posix attributes I would 
recommend setting up those attributes by ldmodify against the directory 
(or if you prefer a gui via ADUC (if you install RSAT on Windows Vista/7))


Geza Gemes

More information about the samba mailing list