[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))

Jim Seymour jseymour at LinxNet.com
Sat Sep 12 13:36:36 UTC 2015


On Sat, 12 Sep 2015 08:32:17 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

[snip]
> 
> Samba4 comes with the uidNumber & gidNumber attributes (and a load
> of others), but they are *not* used as standard, the sysadmin needs
> to add them.

Starting at the page you reference, below, I put "uidNumber" into the
search box.  Now, unless I'm missing it, all that comes up are
references to it, but no information on how it's used or where to set
it.

> 
> Can I suggest you stop reading the docs you are reading and read
> the samba wiki instead, start here:
> 
> https://wiki.samba.org/index.php/Main_Page

The docs I was reading were, in fact:

    https://wiki.samba.org/index.php/Adding_users_with_samba_tool

> 
> The number you refer to: '3000026' is an xidNumber and is stored in 
> idmap.ldb, you need to add a 'uidNumber' attribute (containing the
> UID number you want the user to have) to your users object in AD
> (sam.ldb), repeat for other users, but the numbers must be unique.

Of course they must, they'll be Unix UIDs and GIDs.

> Finally, give the 'Domain Users' object in AD a unique gidNumber
> attribute, what number you use is up to you, some people just use
> the RID '513', others use something like '20513', I personally just
> use '10000'. Whatever number you use, it must unique to that group,
> but it can be the same as a user, as this shows:

What is the purpose of doing this and what will be the effect on
whatever files and directories a MS-Win AD user creates or wants to
access, please?

Can I, should I, may I put gidNumber attributes into individual user
AD records?  (Matching their [default] *nix gids?)

Regarding UIDs and GIDs: I've been administering *nix systems since
SysVR3, incl. variants such as Xenix and QNX.  I know how *nix works,
and UIDs and GIDs.  What I *do not* understand is how to make Samba4
play nicely on a *nix server in a heterogeneous computing
environment.

Thanks for the help, Rowland.

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.



More information about the samba mailing list