[Samba] Problems with groups, minimum gidnumber?
Harald Hannelius
harald+samba at arcada.fi
Fri May 15 17:26:25 UTC 2020
On Fri, 15 May 2020, Rowland penny via samba wrote:
> On 15/05/2020 16:33, Harald Hannelius wrote:
>> If there's a way to copy the sambaNTPassword password-hash from the LDAP
>> for the Samba 3 DC with samba-tool I would have loved to find that
>> information long ago :)
> Why do you need the sambaNTPassword ?
So the users would have the same password. I don't have time to wait for our
IDM to change the passwords one by one.
>> So the "idmap config sad:range" is for both uid's and gid's? There's no
>> separate range for gid's?
> No, they both use the same range.
I see.
>> I have read these, and followed the instructions. What I don't understand
>> is why one user uid 510, gid 100 works with all groups and another user
>> with uid 527, gid 100 doesn't.
>>
>> What isn't clear is are really uid's and gid's in the same number space in
>> Samba? What if a user has the same uid as a group's gid?
> Because the user or group object in AD has a unique SID, this is what counts
> for authentication.
>
> As in most cases, it looks like you might have been better off creating a
> totally new AD domain with new Unix UID & GID numbers, this would have
> allowed you to get away for the big mistake that was made with NT4-style
> domains, using the RID as the Unix ID.
That migh be true. I have two large filesystems with users and groups that
would have required migration in that case. Which would have been an even
greater mess I think.
But since my users now have uidNumber: in AD, don't they use that as uid and
not the RID?
--
Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
More information about the samba
mailing list