smbpasswd -a sets the RID on the SID automatically by (uid * 2 ) +
1000. you could edit the RID after having it put in by smbpasswd to a
unique number and it would work, but i think you'd still have file
permission errors. if user joe and sally are both UID 550 in ldap, and
you chown 550 /some/data/joe, then actually sally could modify it too.
i'm having the same problem and will just have to renumber my users to
match what their UID is on the email server since everyone that has a
samba account here also has an email account.
fernando@lozano.eti.br wrote:> Hi there,
>
> I'm the process of centralizing user authentication for a medium-sized
network with a few Linux
> servers, some of them runnng samba. The idea is migrating all user
definitions from both
> /etc/{passwd,shadow,groups} and samba tdb to a central LDAP directory.
>
> Most servers had the same set of users, but as each one was administered in
isolation (no NIS not
> all samba servers were part of the same windows domain) there are many
inconsistencies between all
> servers.
>
> I have already done my homework and found whenever the same user had
different uids or group
> assignments, and planed the steps required to get everything in sync (like
changing file owners).
>
> My question regards sambaAccount x posixAccount in LDAP. Samba docs state
that Unix uids/gids and
> Windows SIDs are algoritmically mapped implying that given a Windows user
SID the Unix uid needs to
> have a certain value, and vice-versa.
>
> But I wish to change as few as possible existing uid/gids. I see
sambaAccount has a sid field, and
> posixAccount has a uid field. So, if I do store values for both, using the
ones from previous
> servers, they won't conform to the mapping algoritm.
>
> Is that ok? Or will I have to change either the Windows user sid or the
Unix user uid so
> sambaAccount and posixAccout values agree with the mapping algoritm?
>
>
>
> []s, Fernando Lozano
>
>