[Samba] uidNumber. ( Was: What is --rfc2307-from-nss ??)
Rowland Penny
rowlandpenny at googlemail.com
Tue Dec 2 01:25:37 MST 2014
On 02/12/14 04:31, Greg Zartman wrote:
> On Mon, Dec 1, 2014 at 11:39 AM, Rowland Penny
> <rowlandpenny at googlemail.com> wrote:
>
> I understand where you are coming from, I have written my own
> scripts to maintain an S4 AD DC but as you say the documentation
> is a bit limited, so I had to search and experiment to find out
> how to do things. The documentation is getting better, but it will
> take time, if you have any suggestions where it could be improved,
> please post them.
>
>
> For starters, what is the xidNumber and how does it relate to uidNumber?
>
> Greg
>
>
xidNumbers only exist in idmap.ldb on the AD DC. On Debian this is in
/var/lib/samba/private; on your self-compiled S4, it is probably in
/usr/local/samba/private.

You can see what is in the .ldb file with:

    ldbedit -e nano -H /var/lib/samba/private/idmap.ldb

This is a sample record you will find there:

    dn: CN=S-1-5-32-544
    cn: S-1-5-32-544
    objectClass: sidMap
    objectSid: S-1-5-32-544
    type: ID_TYPE_BOTH
    xidNumber: 3000000
    distinguishedName: CN=S-1-5-32-544

The records are created by Samba to map users/groups to numbers that
Unix can understand. These numbers are the ones that you will see if you
run getent & getfacl etc. on the AD DC, i.e.

    ls -la /var/lib/samba/sysvol
    total 20
    drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 .
    drwxr-xr-x 8 root root 4096 Nov 12 13:37 ..
    drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 example.com

On a Windows machine, these numbers are seen as RIDs and SIDs, but on
a member server, they get mapped to different numbers.
There is only a connection between xidNumbers and uidNumbers on the AD
DC and unless you copy idmap.ldb from the first DC to any others,
different xidNumbers are used for the builtin users.
Hope this helps
Rowland
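
Added example, not part of the original post and not Samba code: a small Python sketch that reads sidMap records in the LDIF form shown above and replaces the numeric owners in an `ls -la` listing with the SIDs they map to. The function names `parse_sidmap` and `resolve_listing` are hypothetical, and the sample data is constructed from the record and listing quoted in the message plus one made-up non-sidMap record.

```python
# Added example. SAMPLE_LDIF and SAMPLE_LS are constructed: the first record and
# the listing are the ones quoted in the message, the CN=CONFIG record is made up.
SAMPLE_LDIF = """\
dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000
distinguishedName: CN=S-1-5-32-544

# constructed record, not a sidMap entry, so it must be skipped
dn: CN=CONFIG
xidNumber: 3000002
"""
SAMPLE_LS = """\
total 20
drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 .
drwxr-xr-x 8 root root 4096 Nov 12 13:37 ..
drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 example.com
"""

def parse_sidmap(ldif):
    """Return {xidNumber: (objectSid, type)} for each sidMap record in LDIF text."""
    mapping = {}
    for block in ldif.strip().split("\n\n"):
        rec = dict(l.split(": ", 1) for l in block.splitlines()
                   if ": " in l and not l.startswith("#"))
        if rec.get("objectClass") == "sidMap" and "xidNumber" in rec:
            mapping[int(rec["xidNumber"])] = (rec.get("objectSid"), rec.get("type"))
    return mapping

def resolve_listing(listing, mapping):
    """Return (name, owner, group) per ls -l line, numeric IDs replaced by SIDs."""
    def name(field):
        if not field.isdigit():
            return field                       # already a Unix name such as root
        return mapping.get(int(field), ("unmapped:" + field,))[0]
    rows = []
    for line in listing.splitlines():
        f = line.split(None, 8)
        if len(f) == 9:                        # skips the "total 20" line
            rows.append((f[8], name(f[2]), name(f[3])))
    return rows

if __name__ == "__main__":
    for row in resolve_listing(SAMPLE_LS, parse_sidmap(SAMPLE_LDIF)):
        print(*row)
```

A numeric owner with no sidMap record comes back as `unmapped:<number>`, which is the case to look at when ownership on sysvol differs between DCs that do not share the same idmap.ldb.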