[Samba] Howto compute (calculate) RID while using the LDAP backend

Rowland Penny rowlandpenny at googlemail.com
Tue Aug 26 07:34:15 MDT 2014

On 26/08/14 08:44, Karel Lang AFD wrote:
> Hello,
> as my subject says, I have a few questions regarding how to calculate 
> the RID part of the SID, or how the value should look.
> A few facts first:
> - OS is RHEL 6.5
> - samba version:
> samba.x86_64                            3.6.9-164.el6
> samba-client.x86_64                     3.6.9-164.el6
> samba-common.x86_64                     3.6.9-164.el6
> samba-winbind.x86_64                    3.6.9-164.el6
> samba-winbind-clients.x86_64            3.6.9-164.el6
> samba4-libs.x86_64                      4.0.0-58.el6.rc4
> - smbldap tools:
> smbldap-tools.noarch                    0.9.10-1.el6
> - ldap backend (389 directory server)
> 389-ds-base.x86_64            
> My question is:
> 1. Why is there a difference in the RID value when adding a user to the LDAP 
> backend through the smbldap script "smbldap-useradd" versus "smbpasswd 
> -a"?
Because you are using different scripts that work in different ways to 
do the same thing.

> 2. I'd like to have the POSIX UID equal to the RID - is this feasible?
> My UIDs all start above 1000.

Yes, read up on ldapmodify and LDIFs, but you will have to come up with 
some way to keep track of the next uidNumber; this shouldn't be a 
problem if you base this on the user's RID.


> Please now let me elaborate in more detail on fig. 1:
> "smbldap-useradd" produces a RID based on the equation: UID*2 + 1000, 
> resulting in my user with UID 1001 having RID 3002 stored in the LDAP 
> backend.
> "smbpasswd -a" produces the next free RID, also starting at 1000 - so e.g. if 
> I add a user via 389-console to LDAP and specify the user account POSIX 
> attributes and then I use "smbpasswd -a" to add the Samba attributes, the 
> resulting RID for the POSIX user with UID 1001 would be again 1001 (or the 
> next free).
> This discrepancy bothers me a bit, because I'd like to have the 
> possibility to add users both ways to LDAP while keeping the RID 
> numbering tidy and logical.
> With this being said, I'd prefer (for human readability reasons) to 
> keep the RID equal to the UID - as I asked in my fig. 2 - but basically I'm not 
> sure why the smbldap-tools devs came up with that calculation equation.
> Surely for some reason?
> Has anyone been in the same boat, wondering about what RID values should be? 
> Could anyone shed some light on this matter for me?
> Big thanks!
> Karel Lang
> lang 'at' afd.cz
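
Added example, not part of the original thread or of Samba/smbldap-tools: a small audit that reads LDIF-style entries, labels each account's RID as following the UID*2 + 1000 formula quoted above or the RID-equals-UID scheme, and reports RIDs assigned to more than one account, which is the risk when both provisioning paths write to the same directory. The domain SID and accounts are constructed sample data, and the parser assumes plain single-line `uid`, `uidNumber` and `sambaSID` attributes.

```python
import re

RID_BASE = 1000  # constant from the formula quoted in the thread

def algorithmic_rid(uid):
    """RID as the thread says smbldap-useradd computes it: UID*2 + 1000."""
    return uid * 2 + RID_BASE

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, 'attr: value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep:
                entry[attr] = value.strip()
        entries.append(entry)
    return entries

def audit(text):
    """Label each account's RID scheme and list RIDs held by more than one account."""
    schemes, owners = {}, {}
    for e in parse_ldif(text):
        if "sambaSID" not in e or "uidNumber" not in e:
            continue  # not a Samba-enabled POSIX account
        uid, rid = int(e["uidNumber"]), int(e["sambaSID"].rsplit("-", 1)[1])
        if rid == algorithmic_rid(uid):
            schemes[e["uid"]] = "uid*2+1000"
        else:
            schemes[e["uid"]] = "rid==uid" if rid == uid else "other"
        owners.setdefault(rid, []).append(e["uid"])
    duplicates = {rid: names for rid, names in owners.items() if len(names) > 1}
    return schemes, duplicates

# Constructed sample: the domain SID and the three accounts are invented.
SAMPLE_LDIF = """\
uid: alice
uidNumber: 1001
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002

uid: bob
uidNumber: 1002
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1002

uid: carol
uidNumber: 3002
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
"""
```

In the sample, the account with UID 3002 provisioned as RID-equals-UID ends up with the same SID as the UID 1001 account provisioned by formula, so file and share ACLs could not tell the two apart.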

