[Samba] Howto compute (calculate) RID while using the LDAP backend

Karel Lang AFD lang at afd.cz
Tue Aug 26 01:44:10 MDT 2014


Hello,
as my subject says, i have a few questions regarding how to calculate 
the RID part of SID, or how to value should look like..

few facts 1st:
- OS is RHEL 6.5
- samba version:
samba.x86_64                            3.6.9-164.el6
samba-client.x86_64                     3.6.9-164.el6
samba-common.x86_64                     3.6.9-164.el6
samba-winbind.x86_64                    3.6.9-164.el6
samba-winbind-clients.x86_64            3.6.9-164.el6
samba4-libs.x86_64                      4.0.0-58.el6.rc4

- smbldap tools:
smbldap-tools.noarch                    0.9.10-1.el6

- ldap backend (389 directory server)
389-ds-base.x86_64                      1.2.11.15-29.el6

My question is:

1. why there is difference in RID value while adding user to LDAP 
backend through the smbldap script "smbldap-useradd" versus "smbpasswd -a" ?

2. i'd like to have posix UID equal to RID - is this feasible?
my UID all start above 1000

Please now let me elaborate to more detail to fig 1:

"smbldap-useradd" produce RID based on equation: UID*2 + 1000 resulting 
my user having UID 1001 will have RID 3002 stored in LDAP backend

"smbpasswd -a" produce next free RID starting also at 1000 - so eg. if i 
add user via 389-console to LDAP and specify the user account posix 
attributes and the i use "smbpasswd -a" to add Samba attributes, the 
resulting RID for posix user with UID 1001 would be again 1001 (or the 
next free)

This discrepancy bothers me a bit, because i'd like to have possibility 
to add users both way to LDAP while keeping the RID numbering tidy and 
logical.

With this being said, i'd prefer (for human readability reasons) to keep 
RID equal to UID - as i asked in my fig. 2 but basically i'm not sure 
why the smbldap-tools devs came up with that calculation equation?
For sure for some reason?

Anyone been in same boat wandering about what RID values should be? 
Could anyone share some light onto this matter for me?

Big thanks!
Karel Lang

lang 'at' afd.cz


More information about the samba mailing list