[Samba] ldbedit: no matching records - cannot edit (newly-created user)
Rowland Penny
rowlandpenny241155 at gmail.com
Thu Sep 10 17:55:08 UTC 2015
On 10/09/15 18:37, Jim Seymour wrote:
> Following-up to myself...
>
> Started over with a new user...
>
> $ samba-tool user add someuser
> New Password:
> Retype Password:
> User 'someuser' created successfully
> $ wbinfo --name-to-sid someuser
> S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1110 SID_USER (1)
> $ ldbedit -e vi -H /var/lib/samba/private/idmap.ldb
> objectsid=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1110
> no matching records - cannot edit
>
> Login on my laptop as a domain user (e.g.: SOMEDOM\someuser), then...
>
> $ ldbedit -e vi -H /var/lib/samba/private/idmap.ldb
> objectsid=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1110
> # editing 1 records
> # record 1
> dn: CN=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1110
> cn: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1110
> objectClass: sidMap
> objectSid: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1110
> type: ID_TYPE_BOTH
> xidNumber: 3000024
> distinguishedName: CN=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1110
>
> Can somebody 'splain this?
>
> Thanks,
> Jim
Yes, after I engaged my brain: idmap.ldb contains the mappings of Domain
users & groups to Unix users & groups, and they only get into idmap.ldb
after Samba (on the DC) first pulls the user's info from AD; it only does
this when the user or group first contacts the AD DC, i.e. the user logs in.
DOH, how did I forget that!
I think you are going to have to rethink this: the user's (or group's) RID
will always be unique in the domain, so you could use this to create a
uidNumber or gidNumber and add this to the user (or group) object.
Rowland
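The two points in the reply above (an idmap.ldb record only exists once the DC has seen the account, and the RID is unique per domain so it can seed a uidNumber/gidNumber) can be checked and applied offline. The following script is an added example, not code from the thread or from the Samba project: `parse_idmap_records` reads the LDIF-style output that ldbsearch/ldbedit print for idmap.ldb (the sample text is constructed to match the record Jim posted), `rid_from_sid` extracts the RID, and `ldif_for` builds the LDIF modify record you would feed to ldbmodify to add a RID-derived uidNumber to the user object. The base offset `ID_BASE`, the domain sub-authorities and the DN used below are placeholders, not values from the thread.

```python
"""Check idmap.ldb mappings and derive uidNumber/gidNumber from a SID's RID.

Added example; not part of the mailing-list thread or of Samba itself.
"""
import re

# Assumed base offset for RID-derived IDs (placeholder, not from the thread).
# Pick one that does not overlap the range idmap.ldb allocates from; the
# record in the thread shows an xidNumber of 3000024, for instance.
ID_BASE = 10000

# Domain SID: S-1-5-21-<sub1>-<sub2>-<sub3>-<RID>
SID_RE = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")


def rid_from_sid(sid):
    """Return the RID (last component) of a domain SID; raise on anything else."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError("not a domain user/group SID: %r" % sid)
    return int(m.group(4))


def xid_from_sid(sid, base=ID_BASE):
    """RID-based Unix ID: unique within the domain because the RID is."""
    return base + rid_from_sid(sid)


def parse_idmap_records(text):
    """Parse ldbsearch/ldbedit output for idmap.ldb into {objectSid: xidNumber}.

    Blank lines separate records; '#' lines are comments. Records without an
    objectSid (e.g. the CN=CONFIG entry) are skipped.
    """
    records = {}
    current = {}
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():
            if "objectSid" in current and "xidNumber" in current:
                records[current["objectSid"]] = int(current["xidNumber"])
            current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return records


def has_mapping(records, sid):
    """True if the DC has already allocated an xidNumber for this SID."""
    return sid in records


def ldif_for(dn, sid, attr="uidNumber", base=ID_BASE):
    """LDIF modify record adding a RID-derived uidNumber/gidNumber to an object."""
    if attr not in ("uidNumber", "gidNumber"):
        raise ValueError("attr must be uidNumber or gidNumber")
    return (
        "dn: %s\n"
        "changetype: modify\n"
        "add: %s\n"
        "%s: %d\n" % (dn, attr, attr, xid_from_sid(sid, base))
    )


# Constructed sample: what ldbedit printed after the user had logged in once.
SAMPLE_IDMAP = """\
# record 1
dn: CN=S-1-5-21-111-222-333-1110
cn: S-1-5-21-111-222-333-1110
objectClass: sidMap
objectSid: S-1-5-21-111-222-333-1110
type: ID_TYPE_BOTH
xidNumber: 3000024
distinguishedName: CN=S-1-5-21-111-222-333-1110
"""

if __name__ == "__main__":
    sid = "S-1-5-21-111-222-333-1110"  # placeholder SID
    recs = parse_idmap_records(SAMPLE_IDMAP)
    print("mapped on DC:", has_mapping(recs, sid), recs.get(sid))
    # Placeholder DN; a real one comes from `ldbsearch ... samaccountname=someuser`.
    print(ldif_for("CN=someuser,CN=Users,DC=example,DC=com", sid))
```

The LDIF the script prints is meant to be piped into `ldbmodify -H` against sam.ldb (or applied through ADUC); `has_mapping` lets you see, without logging the user in, whether the "no matching records" result is simply because the DC has not allocated an xidNumber yet.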