[Samba] Help with fixing users and groups with the same SID in LDAP
Tim
IT at mcgeecorp.com
Mon Dec 2 14:31:32 MST 2013
Jonathan Buzzard <jonathan <at> buzzard.me.uk> writes:
> There is absolutely nothing wrong with a uidNumber and gidNumber being
> the same numerical value as they are two entirely different sets of
> numbers. What is not possible in the Windows world is to have a username
> and a group with the same text name. What looks to be at issue is that
> you have been generating SID's based on the uidNumber or gidNumber which
> has never been a sensible idea.
>
Hmm... I believe the SIDs in question were automatically generated ages ago
by smbldap tools. No one has manually intervened when adding users or groups
to my knowledge.
I was planning to follow the apparent convention of the existing SIDs when
updating the dupes... IIRC it was how SIDs were computed back in the NT days
or something :-) Is there a better algorithm to use or does it really not
matter what I change the last section to as long as the SID is unique within
the domain?
>
> There should be no reason to change the gidNumber, just change the SID.
> I would have the directory servers offline to the users while the
> changes where made and restart any domain joined machines after
> restarting the samba3+ldap combination.
Ok, thanks - that makes sense.
I appreciate your help!
Cheers,
Tim
More information about the samba
mailing list