Tom Diehl wrote:>
> Hi all,
> I am in the process of setting up a test network to test samba as a DC
> with the acct information stored in LDAP (2.2.3a). The ultimate goal is to
> replace the nt4 (P,B)DC we have on the network now with a samba DC. I have
read about the
> uid gid scheme of uid *2+1000 = rid but I am a little confused. If I use
> pwdump to dump the existing sam database I get numbers like 1036 for the
rid's.
> For rids like this to fit in the formula above I would have to be using
uid's
> less than 100. Since uid on the *nix side less than 100 are typically admin
> uids this presents a problem. If I convert to the samba scheme for mapping
> rids will the users be able to access their files on the other NT servers
> once the samba DC is in place or are we going to have MAJOR permissions
problems?
>
> If this is a problem as I suspect is there a work around for it??
You report the problem correctly. There are some ways around it.
Firstly - use HEAD, becouse I've already started on the work there.
Basicly, what we need to do is *never* call the crazy mapping forumla.
This is quite simple, if all the users you ever want to see in your
domain are proper users in your LDAP backend, and have unix accounts on
the system (with 'normal' uids).