When I set up my initial users for the Samba domain i did not realize that RIDs were supposed to be dynamic. I was creating the user as a posixAccount in LDAP, and then adding the Samba elements via a script that I wrote. Their RIDs are the same as their UID. For instance if I have a user with uidNumber 1036, her SID would be <domain-SID>-1036. This is fine except for idmapping for member servers, for ACLs. I have about 30 users with this problem. Is there a non-disruptive way for me to convert their RIDs to be algorithmic based on their UIDs, without destroying their roaming profiles etc? If not I think we will just have to deal with not being able to use ACLs on member servers, but I thought I would query first. To reiterate, we are using a LDAP backend. Misty
fre, 20.05.2005 kl. 15.42 skrev Misty Stanley-Jones:> When I set up my initial users for the Samba domain i did not realize that > RIDs were supposed to be dynamic. I was creating the user as a posixAccount > in LDAP, and then adding the Samba elements via a script that I wrote. > Their RIDs are the same as their UID. For instance if I have a user with > uidNumber 1036, her SID would be <domain-SID>-1036. This is fine except for > idmapping for member servers, for ACLs. I have about 30 users with this > problem. Is there a non-disruptive way for me to convert their RIDs to be > algorithmic based on their UIDs, without destroying their roaming profiles > etc? If not I think we will just have to deal with not being able to use > ACLs on member servers, but I thought I would query first. To reiterate, we > are using a LDAP backend.I use 3.0.11/3.0.14a (2 sites) on RHAS3 and LDAP. When I use smbpasswd -a to add a POSIX group user to Samba, both user and group RIDs are calculated from uidNumber and gidNumber on the basis of a simple algorithm. This is something that smbpasswd just does; moreover it's documented. Why should mine be different from yours? --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: tonye@billy.demon.nl http://www.billy.demon.nl They'll love us, won't they? They feed us, don't they? ...
On Fri, 20 May 2005, Misty Stanley-Jones wrote:> When I set up my initial users for the Samba domain i did not realize that > RIDs were supposed to be dynamic. I was creating the user as a posixAccount > in LDAP, and then adding the Samba elements via a script that I wrote. > Their RIDs are the same as their UID. For instance if I have a user with > uidNumber 1036, her SID would be <domain-SID>-1036. This is fine except for > idmapping for member servers, for ACLs. I have about 30 users with this > problem. Is there a non-disruptive way for me to convert their RIDs to beYes. The default argorithmic way is uidNumber+1000 for RID of user and gidNumber+1001 for RID of group entries (sambaGroupMapping). I do the same as you and wrote some in house stuff to fill in some blanks.> algorithmic based on their UIDs, without destroying their roaming profiles > etc? If not I think we will just have to deal with not being able to use > ACLs on member servers, but I thought I would query first. To reiterate, we > are using a LDAP backend.You will however need to run the "/sambapath/bin/profiles" program against the user's ntuser.dat to reflect the new SID-RID value. Shouldn't take long. Bill> > Misty > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >