[Samba] uidNumber. ( Was: What is --rfc2307-from-nss ??)

Rowland Penny rowlandpenny at googlemail.com
Mon Dec 1 02:33:27 MST 2014


On 01/12/14 08:40, Greg Zartman wrote:
>
> Rowland,
>
> How are you selecting your UID to store in the AD uidNumber 
> attribute? I initially thought UID could be pulled from the last set 
> of digits from SID, but this does not appear to be what others are 
> doing :(
>
> What are you using to determine the UID number???
>
> Thanks
>

I do what Windows does: it ignores the RID (what you call 'the last set 
of digits from SID') and uses a builtin mechanism to store the next uid 
& gidNumber.

If you create a user and then go to the UNIX_Attributes tab in ADUC, 
firstly you will find a 'uidNumber' is assigned to your user (if it is 
the first user, this will be 10000) and when you add the attributes, you 
will then find in the user's object in AD that the following attributes 
will have been added:

uid
msSFU30Name
msSFU30NisDomain
uidNumber
gidNumber
loginShell
unixHomeDirectory
unixUserPassword: ABCD!efgh12345$67890  <-- the password is always this, 
unless password sync is installed and it doesn't (yet) exist on S4

The next 'uidNumber' & 'gidNumber' are stored in the 
'msSFU30MaxUidNumber' and 'msSFU30MaxGidNumber' attributes, stored at:

CN=<lowercase workgroup name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=example,DC=com

Unfortunately, these attributes do not exist as standard, so you would 
either have to add a user with ADUC or manually add them yourself with 
ldbedit. As standard on Windows, they both start at '10000', though you 
can set them to whatever you require, just make sure that they do not 
interfere with any local Unix users.

Rowland
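
Added example, not part of Rowland's message or of Samba's own code: a sketch of the counter-based allocation described above, reading 'msSFU30MaxUidNumber', skipping any value already owned by a local Unix account, and emitting LDIF change records for the counter and the user. The workgroup name "example", the user DN, the LDIF and the passwd excerpt are constructed assumptions.

```python
# Added example: allocate a uidNumber from the msSFU30MaxUidNumber counter.
# All data here is constructed; "example" / DC=example,DC=com are placeholders.
COUNTER_DN = ("CN=example,CN=ypservers,CN=ypServ30,CN=RpcServices,"
              "CN=System,DC=example,DC=com")

# Constructed LDIF shaped like a search result for the counter object.
COUNTER_LDIF = (f"dn: {COUNTER_DN}\n"
                "msSFU30MaxUidNumber: 10000\nmsSFU30MaxGidNumber: 10000\n")

# Constructed passwd excerpt: one local account sits inside the AD range.
LOCAL_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                "backup:x:10000:10000:local backup:/var/backups:/bin/sh\n")


def parse_ldif_attrs(ldif):
    """Return {attribute: value} for a single, unfolded LDIF entry."""
    attrs = {}
    for line in ldif.splitlines():
        if ": " in line and not line.startswith("#"):
            name, value = line.split(": ", 1)
            attrs[name] = value.strip()
    return attrs


def local_uids(passwd_text):
    """UIDs already taken by local Unix accounts (third passwd field)."""
    return {int(l.split(":")[2]) for l in passwd_text.splitlines()
            if l.count(":") >= 6}


def allocate_uid(counter_ldif, passwd_text, user_dn):
    """Pick the next free uidNumber and build the LDIF that records it."""
    stored = int(parse_ldif_attrs(counter_ldif)["msSFU30MaxUidNumber"])
    uid = stored
    while uid in local_uids(passwd_text):  # never reuse a local account's UID
        uid += 1
    ldif = (
        # Counter first. Deleting the exact old value and adding the new one
        # makes this change fail if another allocator already moved it.
        f"dn: {COUNTER_DN}\nchangetype: modify\n"
        f"delete: msSFU30MaxUidNumber\nmsSFU30MaxUidNumber: {stored}\n-\n"
        f"add: msSFU30MaxUidNumber\nmsSFU30MaxUidNumber: {uid + 1}\n\n"
        f"dn: {user_dn}\nchangetype: modify\n"
        f"replace: uidNumber\nuidNumber: {uid}\n"
    )
    return uid, ldif


if __name__ == "__main__":
    uid, ldif = allocate_uid(COUNTER_LDIF, LOCAL_PASSWD,
                             "CN=testuser,CN=Users,DC=example,DC=com")
    print(uid, ldif, sep="\n")
```
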

