LDAP rid attribute in 2.2.3
Ignacio Coupeau
icoupeau at unav.es
Wed Feb 6 03:59:01 GMT 2002
Alain RICHARD wrote:
> Looking at the code and samba.schema, I have observed :
>
> a) that rid attribute is mandatory for users
> b) there is no sambaGroup, so no rid for groups
> c) that rid are derived from uid and gid (rid = 2*uid + 1000 for users,
> rid=2*gid+1001 for groups)
> d) some special groups are identified with their special rid (for
> example Domain Admins=512)
Of course, these accounts require a well-known RID/SID (builtin).
> e) the binding from an ldap user to an "NT" group is done using the
> primaryGroupID attribute
> f) it is possible to bind a unix group to be "Domain Admins" using
> "domain admin group" in smb.conf
You can perform group mapping in the HEAD
(samba/docs/textdocs/GROUP-MAPPING-HOWTO.txt) and in the SAMBA_2_2
perhaps (I haven't tested it) with a trick
(http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#group_mapping)
> g) the "smbpasswd -a" command adds samba attributes to an existing
> posixAccount. Doing so, it adds an rid of 0 to a user and not (2*uid+1000)
>
In HEAD or in the SAMBA_2_2 branch?
I tested the SAMBA_2_2 and the rid runs fine:
> uid: 111111
..
> rid: 2038
> primaryGroupID: 1001
Ignacio
--
____________________________________________________
Ignacio Coupeau, Ph.D. e-mail: icoupeau at unav.es
CTI, Director fax: 948 425619
University of Navarra voice: 948 425600
Pamplona, SPAIN http://www.unav.es/cti/
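
Added example, not part of the original message and not Samba code: a small audit over account entries in LDIF that flags rid values that are 0, duplicated, below the 1000 base, or inconsistent with the rid = 2*uid + 1000 mapping quoted in the thread. It assumes each entry carries the posixAccount uidNumber next to rid; the sample entries are constructed.

```python
from collections import Counter

USER_RID_BASE = 1000  # from the thread: rid = 2*uid + 1000 for users

def parse_ldif(text):
    """Parse minimal LDIF (no folded lines, no base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.split(":", 1) for line in block.splitlines()
                 if ":" in line and not line.startswith("#"))
        entry = {k.strip().lower(): v.strip() for k, v in pairs}
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return sorted (uid, finding) pairs for entries that carry a rid."""
    accounts = [e for e in entries if "rid" in e and "uidnumber" in e]
    seen = Counter(int(e["rid"]) for e in accounts)
    findings = []
    for e in accounts:
        name, rid = e.get("uid", "?"), int(e["rid"])
        if rid == 0:
            findings.append((name, "rid-zero"))  # the case reported for "smbpasswd -a"
        elif rid < USER_RID_BASE:
            findings.append((name, "rid-below-base"))  # range of special rids such as 512
        elif rid != 2 * int(e["uidnumber"]) + USER_RID_BASE:
            findings.append((name, "rid-mismatch"))
        if seen[rid] > 1:
            findings.append((name, "rid-duplicate"))  # two accounts would share one SID
    return sorted(findings)

# Constructed sample data, not taken from the thread.
SAMPLE_LDIF = """\
uid: alice
uidNumber: 519
rid: 2038

uid: bob
uidNumber: 520
rid: 0

uid: carol
uidNumber: 521
rid: 0
"""

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```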