From: Mois?s_Barba_P?rez <mbarperoi at gmail.com>
Date: Tue, 15 Mar 2011 13:06:03 +0100
> I have a samba PDC with LDAP, samba 3.0.33 and 389DS 1.2.5. I am adding
> computer accounts with smbldap-useradd script configured in smb.conf like
> this:
>
> add machine script = /usr/bin/perl -w
> /opt/ldap/smbldap-tools/bin/smbldap-useradd -w -c '%a' -t 10 -J
Equipos '%u'
>
> My problem is that I get a samba sid I don't understand why samba
creates
> like that. I thought the users acounts have a samba sid = (2 * userid) +
> 1000, and groups accounts have samba sid = (2 * groupid) + 1001. The
> computers accounts have a different samba sid?, Isn't a computer accout
the
> same as an user account? my question is how samba generates the samba sid
> for the computer account and If I can use the old style of samba sid
> generation for computers accounts.
If you use smbldap-tools, the SID for users and groups are generated
by smbldap-tools with the way which you know, (2 * id) + 1000/1001.
But the SID for computers are generated by Samba itself. Samba
generates (any) SID in sequentially from 1000.
If you use ldapsam:editposix, all SIDs for users, groups and computers
are generated sequenctially from 1000.
---
TAKAHASHI Motonobu <monyo at monyo.com>