[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))

Jim Seymour jseymour at LinxNet.com
Sat Sep 12 13:36:36 UTC 2015

On Sat, 12 Sep 2015 08:32:17 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> Samba4 comes with the uidNumber & gidNumber attributes (and a load
> of others), but they are *not* used as standard, the sysadmin needs
> to add them.

Starting at the page you reference, below, I put "uidNumber" into the
search box.  Now, unless I'm missing it, all that comes up are
references to it, but no information on how it's used or where to set

> Can I suggest you stop reading the docs you are reading and read
> the samba wiki instead, start here:
> https://wiki.samba.org/index.php/Main_Page

The docs I was reading were, in fact:


> The number you refer to: '3000026' is an xidNumber and is stored in 
> idmap.ldb, you need to add a 'uidNumber' attribute (containing the
> UID number you want the user to have) to your users object in AD
> (sam.ldb), repeat for other users, but the numbers must be unique.

Of course they must, they'll be Unix UIDs and GIDs.

> Finally, give the 'Domain Users' object in AD a unique gidNumber
> attribute, what number you use is up to you, some people just use
> the RID '513', others use something like '20513', I personally just
> use '10000'. Whatever number you use, it must unique to that group,
> but it can be the same as a user, as this shows:

What is the purpose of doing this and what will be the effect on
whatever files and directories a MS-Win AD user creates or wants to
access, please?

Can I, should I, may I put gidNumber attributes into individual user
AD records?  (Matching their [default] *nix gids?)

Regarding UIDs and GIDs: I've been administering *nix systems since
SysVR3, incl. variants such as Xenix and QNX.  I know how *nix works,
and UIDs and GIDs.  What I *do not* understand is how to make Samba4
play nicely on a *nix server in a heterogeneous computing

Thanks for the help, Rowland.

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

More information about the samba mailing list