[Samba] How to Change UIDs

Rowland penny rpenny at samba.org
Fri Sep 6 15:11:23 UTC 2019


On 06/09/2019 15:56, Tyrus Shivers wrote:
>
>
> On Fri, Sep 6, 2019 at 2:55 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>
>     On 05/09/2019 22:45, Roy Eastwood wrote:
>     > Rowland,
>     > I must be missing something here.  Why can't the OP set the UID
>     > in ADUC to match that required in the other system? The Samba
>     > Domain member can use the ad backend, (rather than the rid), and
>     > no doubt file permissions will have to be readjusted accordingly,
>     > but at least the UIDs will match the other system.  The Windows
>     > DC doesn't care about the RFC2307 attributes, so that shouldn't be
>     > affected.
>     >
>     It all depends on your definition of 'UID' ;-)
>
>     The OP is using the winbind 'rid' backend and as such, is unlikely to
>     have uidNumber & gidNumber attributes in AD. He also hasn't told us
>     just what he is trying to connect to.
>
>
> I am trying to connect to a shared drive (I believe it is Windows
> based) on another Domain which we have access to (created by their
> admins) which has different UIDs for our users that match their
> authenticating source. Since all of these networks are closed, I am
> limited to what I can do in terms of just opening them up for access,
> etc.  Our Linux VMs cannot mount that share because we do not have
> permissions and that is because the UID is different.

I think you would need Guest access on the shared drive, but by default,
the Guest user is turned off on Windows 10.

>
>
>     Just changing what 'id' or 'getent' produces is unlikely to be
>     enough if he is trying to connect from one AD domain to another e.g.
>     changing a user in the 'SAMDOM' domain's UID from 1234 to 4321 would
>     still make the user a member of the 'SAMDOM' domain, but it would
>     make the user a new user.
>
>
> I did make attempts at this previously and you are correct, it does not
> work properly.

It wouldn't ;-)

>
>     What I also cannot understand is why he cannot sort this out himself,
>     try going to 'www.bestgateeng.com'
>
>
> I am not sure what you mean or are referring to by that statement.
> This system was passed off to me, I have no access to the previous
> admins or documentation on how and why everything is set up the way it
> is. After exhausting what I know I came here to ask a question to see
> if I perhaps missed something.

Bestgate Engineering is committed to bringing the best, brightest, and 
most passionate software and systems engineers to solve our customers' 
most difficult and challenging technical problems.

Does the above look familiar ????

I get the feeling that you are possibly trying to read data from one 
customer's domain into another domain. If you aren't, you should have no 
problem setting up trusts between the domains. If you are and the 
customer is in the EU, then you are potentially breaking EU law.

You cannot make a user in one domain into a user in another domain, but 
you can get a domain to trust users from another domain.

Rowland
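
An added illustration, not part of the original thread: a Unix UID from the winbind 'rid' backend is only a local number computed from the account's SID (idmap_rid: ID = RID - BASE_RID + LOW_RANGE_ID), so two domains can hand out the same UID to accounts that are still different principals. The domain SIDs, ranges and RIDs below are constructed values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class RidRange:
    """One 'idmap config DOMAIN : range = low-high' entry using backend = rid."""
    domain_sid: str
    low: int
    high: int
    base_rid: int = 0  # idmap_rid default


def split_sid(sid: str) -> Tuple[str, int]:
    """Split an account SID into (domain SID, RID)."""
    parts = sid.split("-")
    if len(parts) < 5 or parts[0] != "S" or not parts[-1].isdigit():
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def rid_to_uid(sid: str, ranges: List[RidRange]) -> Optional[int]:
    """Apply the idmap_rid formula; None if the domain or ID is out of range."""
    domain_sid, rid = split_sid(sid)
    for r in ranges:
        if r.domain_sid == domain_sid:
            uid = rid - r.base_rid + r.low
            return uid if r.low <= uid <= r.high else None
    return None


def same_principal(sid_a: str, sid_b: str) -> bool:
    """A Windows file server authorizes by SID, never by the Unix UID."""
    return sid_a.upper() == sid_b.upper()


# Constructed sample data: two unrelated domains with the same idmap range.
SAMDOM = "S-1-5-21-1111111111-2222222222-3333333333"
OTHERDOM = "S-1-5-21-4444444444-5555555555-6666666666"
OUR_MEMBER = [RidRange(SAMDOM, 10000, 99999)]
THEIR_MEMBER = [RidRange(OTHERDOM, 10000, 99999)]

if __name__ == "__main__":
    ours, theirs = f"{SAMDOM}-1234", f"{OTHERDOM}-1234"
    print("UID on our member:   ", rid_to_uid(ours, OUR_MEMBER))
    print("UID on their member: ", rid_to_uid(theirs, THEIR_MEMBER))
    print("same principal?      ", same_principal(ours, theirs))
    print("foreign SID mapped?  ", rid_to_uid(theirs, OUR_MEMBER))
```
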