[Samba] Problems with groups, minimum gidnumber?
Rowland penny
rpenny at samba.org
Fri May 15 15:48:29 UTC 2020
On 15/05/2020 16:33, Harald Hannelius wrote:
> If there's a way to copy the sambaNTPassword password-hash from the
> LDAP for the Samba 3 DC with samba-tool I would have loved to find
> that information long ago :)
Why do you need the sambaNTPassword ?
>
> So the "idmap config sad:range" is for both uid's and gid's? There's
> no separate range for gid's?
No, they both use the same range.
>
> I have read these, and followed the instructions. What I don't
> understand is why one user uid 510, gid 100 works with all groups and
> another user with uid 527, gid 100 doesn't.
>
> What isn't clear is are really uid's and gid's in the same number
> space in Samba? What if a user has the same uid as a group's gid?
Because the user or group object in AD has a unique SID, this is what
counts for authentication.
As in most cases, it looks like you might have been better off creating
a totally new AD domain with new Unix UID & GID numbers, this would have
allowed you to get away for the big mistake that was made with NT4-style
domains, using the RID as the Unix ID.
Rowland
More information about the samba
mailing list