[Samba] How are user and group SID's generated?

Rowland Penny rpenny at samba.org
Tue Mar 31 14:15:44 UTC 2020


On 31/03/2020 14:29, Dan Stevenson wrote:
>
> Rowland,
>
> No problem, thanks for replying.
>
>
>
> I use a shell script to add users and set permissions. The actual 
> adding of new users to the shell and setting Samba passwords is just 
> done by the standard useradd and pdbedit commands. I do not use sssd.
>
Ah, light dawns, if you use pdbedit, then you are adding things to the 
SAM on a standalone server that you only need on a PDC.
>
>
> Here is an example of what happens when I add a user and Samba creates an 
> SID for that user which is an exact duplicate of an existing group SID.
>
> Before adding the new user I can check to verify the SID for my 
> "management" group like so:
>
>> sudo net groupmap list
>> management (*S-1-5-21-979328919-1982131190-3311040992-1026*) -> management
>
> If I check the properties of the /Apps/managers folder from a Windows 
> workstation that has a drive mapped to the /Apps share and look at the 
> security tab I can see that the "management" group is listed and has 
> full permission as it should be. I would provide a screenshot but I 
> don't believe that is supported in the mailing list?
>
> I would like to know how Samba determines what SID to assign to a new 
> user and if there is a way I can limit the generated user SIDs to a 
> range that will never overlap with my group SIDs?

That is what I was saying, you have a standalone server, so you don't 
need to bother with the SID, perhaps reading this might help:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

Basically it boils down to creating a user with the unix tools: useradd

You then make them Samba users: smbpasswd -a username

It sounds like you are either trying too hard, or not hard enough ;-)

By that I mean, you seem to want to run a domain, but don't want to 
actually set one up.

Rowland
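
A check for the situation described in the quoted message (a user SID identical to a group SID), added here as an example and not part of the original thread. It compares text in the `net groupmap list` format quoted above with text in the `User SID:` / `Unix username:` layout of `pdbedit -L -v`; the function name, the sample data and that field layout are assumptions of this example.

```shell
#!/bin/sh
# Report SIDs that are assigned to both a group mapping and a Samba user.

# Constructed sample data (not from a real server). The first group line
# follows the format quoted in the message above.
SAMPLE_GROUPMAP='management (S-1-5-21-979328919-1982131190-3311040992-1026) -> management
staff (S-1-5-21-979328919-1982131190-3311040992-1030) -> staff'

SAMPLE_PDBEDIT='---------------
Unix username:        alice
User SID:             S-1-5-21-979328919-1982131190-3311040992-1026
---------------
Unix username:        bob
User SID:             S-1-5-21-979328919-1982131190-3311040992-1002'

# find_sid_collisions GROUPMAP_TEXT PDBEDIT_TEXT   (hypothetical helper)
# Prints one line per collision: "<sid> group=<name> user=<name>".
# Returns 1 if any collision was found, 0 otherwise.
find_sid_collisions() {
    printf '%s\n---USERS---\n%s\n' "$1" "$2" | awk '
        /^---USERS---$/ { users = 1; next }
        # Group section: "name (SID) -> unixgroup"; tolerate *emphasis* marks.
        !users && match($0, /\(\*?S-[0-9-]+\*?\)/) {
            sid = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/\*/, "", sid)
            name = substr($0, 1, RSTART - 1)
            sub(/[ \t]+$/, "", name)
            group[sid] = name
            next
        }
        # User section: remember the username, then test its SID.
        users && /^Unix username:/ { user = $3 }
        users && /^User SID:/ {
            if ($3 in group) {
                printf "%s group=%s user=%s\n", $3, group[$3], user
                found = 1
            }
        }
        END { exit found ? 1 : 0 }
    '
}

# Demo on the constructed data. On a live server the two arguments would be
# "$(net groupmap list)" and "$(pdbedit -L -v)", run as root.
find_sid_collisions "$SAMPLE_GROUPMAP" "$SAMPLE_PDBEDIT" || echo "collision(s) found"
```
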





