[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))

[Jim Seymour]

On Fri, 11 Sep 2015 20:57:32 -0300
Guilherme Boing <kolt+samba at frag.com.br> wrote:

> If I'm not mistaken you need to --use-rfc2307 when provisioning
> your domain to have uidNumber/gidNumber.
[snip]

Louis' setup/provisioning script reads...

    ## To create a new domain set to "DC". 
    ## To join a domain with this script, set to "DCJOIN"
    ## (default is ok for a new domain)
    SAMBA_JOIN_DOMAIN="DC"
    ...
    if [ "${SAMBA_JOIN_DOMAIN}" = "DC" ]; then 
        samba-tool domain provision --use-rfc2307 ...

And, in /etc/samba/smb.conf there is...

    idmap_ldb:use rfc2307 = yes

So I'm kind of guessing it's provisioned with rfc2307?

Yet...

    $ wbinfo --name-to-sid username
    S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1112 SID_USER (1)
    $ ldbsearch -H /var/lib/samba/private/idmap.ldb
       objectsid=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1112
    # record 1
    dn: CN=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1112
    cn: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1112
    objectClass: sidMap
    objectSid: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1112
    type: ID_TYPE_BOTH
    xidNumber: 3000026
    distinguishedName:
    CN=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1112

    # returned 1 records
    # 1 entries
    # 0 referrals

The Samba4 docs I was reading before said to ldbedit that record and
change xidNumber to the user's Unix UID.  But, when I did that,
that's when the user's roaming profile appeared not to work.  So,
this time, I left the idmap alone.  Roaming profiles now work, but
the user's access to his Linux files does not.

Thanks,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.