David Mendenhall wrote:
> Is the rid of a user required to be 2*uid+1000 in HEAD when using an ldap
> backend? Is it still necessary that users also exist in /etc/passwd? I'd
> like to replace NIS and win NT domain auth with ldap, and want to keep the
> current unix uid's and the NT rid's, so the migration is transparent to the
> end users.

In theory, this *might* be possible. I've not yet seen evidence that
this can actually be done, and you certainly need Samba 3.0.

Samba 3.0 will always respect the RID stored in LDAP, so you can set it
to match. However, you need to ensure that the RIDs don't conflict with
the 'magic' RIDs that Samba creates using the old algorithm.

To achieve this, set 'algorithmic rid base = nice_big_num', where
nice_big_num defaults to 1000; you want to make it 100000 or so :-)

Then, use smbgroupedit to set the SIDs for the groups to match (this
isn't kept in LDAP yet).

You don't need /etc/passwd entries, as long as you use nss_ldap.

Andrew Bartlett
--
Andrew Bartlett abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
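
The RID conflict check described in the reply above, as an added example that is not part of the original message or of Samba's code: it flags stored NT RIDs that fall inside the algorithmic range for a given 'algorithmic rid base' and suggests a base above all of them. The account data and function names are constructed, and the group mapping (2*gid + base + 1) is an assumption about the old algorithm that the thread does not spell out.

```python
# Added example: check stored NT RIDs against Samba's algorithmic RID range.
# Account data is constructed; it is not taken from the thread.

# name -> (unix uid, RID carried over from the NT domain and stored in LDAP)
ACCOUNTS = {
    "alice": (500, 1004),
    "bob": (501, 2002),
    "carol": (502, 1107),
    "dave": (1, 1002),
}

def algorithmic_user_rid(uid, base=1000):
    # Mapping named in the thread: rid = 2*uid + base
    return 2 * uid + base

def decode_algorithmic_rid(rid, base=1000):
    """Return (kind, unix_id) if rid lies in the algorithmic range, else None.
    Assumption: groups take the odd slot, 2*gid + base + 1."""
    if rid < base:
        return None
    offset = rid - base
    return ("group" if offset % 2 else "user", offset // 2)

def find_conflicts(accounts, base):
    """List (name, rid, kind, unix_id) for every stored RID that the old
    algorithm would also assign to a different Unix uid or gid."""
    conflicts = []
    for name, (uid, rid) in accounts.items():
        decoded = decode_algorithmic_rid(rid, base)
        if decoded is None or decoded == ("user", uid):
            continue  # below the range, or equal to the account's own mapping
        conflicts.append((name, rid) + decoded)
    return sorted(conflicts)

def min_safe_base(accounts, step=1000):
    """Smallest multiple of step above every stored RID (step is arbitrary)."""
    highest = max(rid for _, rid in accounts.values())
    return (highest // step + 1) * step

if __name__ == "__main__":
    for base in (1000, min_safe_base(ACCOUNTS), 100000):
        print("algorithmic rid base =", base)
        for name, rid, kind, unix_id in find_conflicts(ACCOUNTS, base):
            print(f"  {name}: RID {rid} is also the {kind} RID for id {unix_id}")
```

Run it against an export of the uid and RID attributes from the directory before changing 'algorithmic rid base'; an empty conflict list for the chosen base means no migrated RID overlaps the algorithmic range.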