Urs Rau
2006-May-29 11:26 UTC
[Samba] what samba file do I need to change when manually changing gid in /etc/group file?
I have a need to renumber some of my /etc/group numbers from below 100 to a value that is above 500. (e.g. 88 -> 535, 91 -> 632, etc etc, about 9 changes in total)

If I had to do this in an earlier version of samba then I think the correct files I would have to keep in sync would be /etc/group and /etc/samba/smbpasswd, simply changing the gid from the value below 100 to its new value above 500. And then of course run a script that does those changes for all directories and files owned by that old low numbered group against the filesystem.

But now that I am using samba samba-3.0.14a-2 it looks as if this version no longer stores the gid in the smbpasswd file, as this file is now empty. Does samba now build the group sid dynamically from the values in /etc/group, or do I have to tell samba somehow, somewhere that the gid value for the low numbered gid is now such and such higher numbered value?

And while I am asking these questions, does anybody have such a group number id migration script handy?

Thanks for any pointers.

Regards,
--
Urs Rau
Urs Rau
2006-May-29 11:47 UTC
[Samba] what samba file do I need to change when manually changing gid in /etc/group file?
Sorry for appearing to answer my own post. I just thought I might not have given enough detail.

Urs Rau wrote:
> I have a need to renumber some of my /etc/group numbers from below 100
> to a value that is above 500. (e.g. 88 -> 535, 91 -> 632, etc etc, about
> 9 changes in total)
>
> If I had to do this in an earlier version of samba then I think the
> correct files I would have to keep in sync would be /etc/group and
> /etc/samba/smbpasswd, simply changing the gid from the value below 100
> to its new value above 500. And then of course run a script that does
> those changes for all directories and files owned by that old low
> numbered group against the filesystem.
>
> But now that I am using samba samba-3.0.14a-2 it looks as if this
> version no longer stores the gid in the /etc/samba/smbpasswd file, as this file is
> now empty. Does samba now build the group sid dynamically from the
> values in /etc/group, or do I have to tell samba somehow, somewhere that
> the gid value for the low numbered gid is now such and such higher
> numbered value?

Maybe the answer depends on how I am running samba on this machine? Well it is a PDC of a domain with name 'WORKGROUP'. Here are hopefully the relevant lines from the testparm output.

    # Global parameters
    [global]
        dos charset = CP850
        unix charset = UTF-8
        display charset = LOCALE
        workgroup = WORKGROUP
        realm =
        netbios name = LINUX
        netbios aliases =
        netbios scope =
        server string = ""
        interfaces = 10.37.1.200/24, 10.37.2.200/24, lo
        bind interfaces only = Yes
        security = USER
        auth methods =
        encrypt passwords = Yes
        update encrypted = No
        client schannel = Auto
        server schannel = Auto
        allow trusted domains = Yes
        hosts equiv =
        min password length = 5
        map to guest = Never
        null passwords = No
        obey pam restrictions = No
        password server = *
        smb passwd file = /etc/samba/smbpasswd
        private dir = /etc/samba
        passdb backend = tdbsam
        algorithmic rid base = 1000
        root directory =
        guest account = nobody
        enable privileges = Yes
        pam password change = No
        passwd program = /usr/local/sbin/sysadm-samba.pl --changepw=%u
        passwd chat = *new*password* %n\n *changed*
        passwd chat debug = No
        passwd chat timeout = 2
        check password script =
        username map =
        password level = 0
        username level = 0
        unix password sync = Yes
        restrict anonymous = 0
        lanman auth = Yes
        ntlm auth = Yes
        client NTLMv2 auth = No
        client lanman auth = Yes
        client plaintext auth = Yes
        preload modules =
        use kerberos keytab = No
        log level = 1
        syslog = 1
        syslog only = No
        log file =
        max log size = 5000
        debug timestamp = Yes
        debug hires timestamp = No
        debug pid = No
        debug uid = No
        smb ports = 139 445
        large readwrite = Yes
        max protocol = NT1
        min protocol = CORE
        read bmpx = No
        read raw = No
        write raw = Yes
        disable netbios = No
        acl compatibility =
        defer sharing violations = Yes
        nt pipe support = Yes
        nt status support = Yes
        announce version = 4.9
        announce as = NT
        max mux = 50
        max xmit = 16644
        name resolve order = lmhosts hosts wins bcast
        max ttl = 259200
        max wins ttl = 518400
        min wins ttl = 21600
        time server = Yes
        unix extensions = Yes
        use spnego = Yes
        client signing = auto
        server signing = No
        client use spnego = Yes
        change notify timeout = 60
        deadtime = 0
        getwd cache = Yes
        keepalive = 300
        kernel change notify = Yes
        lpq cache time = 60
        max smbd processes = 0
        paranoid server security = Yes
        max disk size = 0
        max open files = 10000
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
        use mmap = Yes
        hostname lookups = No
        name cache timeout = 660
        load printers = Yes
        printcap cache time = 0
        printcap name = cups
        cups server =
        disable spoolss = No
        enumports command = /usr/local/bin/samba_enumports.sh
        addprinter command =
        deleteprinter command =
        show add printer wizard = Yes
        os2 driver map =
        mangling method = hash2
        mangle prefix = 1
        stat cache = Yes
        machine password timeout = 604800
        add user script =
        delete user script =
        add group script =
        delete group script =
        add user to group script =
        delete user from group script =
        set primary group script =
        add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
        shutdown script =
        abort shutdown script =
        logon script = logon.bat
        logon path = \\%L\profiles\%U
        logon drive = h:
        logon home = \\%L\%U\.profile
        domain logons = Yes
        os level = 255
        lm announce = Auto
        lm interval = 60
        preferred master = Yes
        local master = Yes
        domain master = Yes
        browse list = Yes
        enhanced browsing = Yes
        dns proxy = Yes
        wins proxy = No
        wins server =
        wins support = Yes
        wins hook =
        wins partners =
        kernel oplocks = Yes
        lock spin count = 3
        lock spin time = 10
        oplock break wait time = 0
        ldap admin dn =
        ldap delete dn = No
        ldap filter = (uid=%u)
        ldap group suffix =
        ldap idmap suffix =
        ldap machine suffix =
        ldap passwd sync = no
        ldap replication sleep = 1000
        ldap suffix =
        ldap ssl =
        ldap timeout = 15
        ldap user suffix =
        add share command =
        change share command =
        delete share command =
        config file =
        preload =
        lock directory = /var/cache/samba
        pid directory = /var/run
        utmp directory =
        wtmp directory =
        utmp = No
        default service =
        message command = bash -c 'cat %s | logger -t %f' &
        dfree command =
        get quota command =
        set quota command =
        remote announce = 10.37.2.255/24
        remote browse sync = 10.37.2.240
        socket address = 10.37.1.200 10.37.2.200 127.0.0.1
        homedir map = auto.home
        afs username map =
        afs token lifetime = 604800
        log nt token command =
        time offset = 0
        NIS homedir = No
        panic action =
        host msdfs = No
        enable rid algorithm = Yes
        idmap backend =
        idmap uid =
        idmap gid =
        template primary group = nobody
        template homedir = /home/%D/%U
        template shell = /bin/false
        winbind separator = \
        winbind cache time = 300
        winbind enable local accounts = No
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = No
        winbind trusted domains only = No
        winbind nested groups = No
        comment =
        path =
        username =
        invalid users =
        valid users =
        admin users = root, sysadmin, Administrator, admin
        read list =
        write list =
        printer admin = @dom_admin, @app_admin, root, sysadmin, Administrator, admin
        force user =
        force group =
        read only = No
        create mask = 0744
        force create mode = 0660
        security mask = 0777
        force security mode = 00
        directory mask = 02770
        force directory mode = 02000
        directory security mask = 0777
        force directory security mode = 00
        force unknown acl user = No
        inherit permissions = No
        inherit acls = No
        guest only = No
        guest ok = No
        only user = No
        hosts allow =
        hosts deny =
        allocation roundup size = 1048576
        ea support = No
        nt acl support = Yes
        profile acls = No
        map acl inherit = Yes
        afs share = No
        block size = 1024
        max connections = 0
        min print space = 2048
        strict allocate = No
        strict sync = No
        sync always = No
        use sendfile = No
        write cache size = 0
        max reported print jobs = 0
        max print jobs = 1000
        printable = No
        printing = cups
        cups options = "raw"
        print command =
        lpq command = %p
        lprm command =
        lppause command =
        lpresume command =
        queuepause command =
        queueresume command =
        printer name =
        use client driver = No
        default devmode = No
        force printername = No
        default case = lower
        case sensitive = Auto
        preserve case = Yes
        short preserve case = Yes
        mangling char = ~
        hide dot files = Yes
        hide special files = No
        hide unreadable = No
        hide unwriteable files = No
        delete veto files = No
        veto files = lost+found/proc/dev
        hide files =
        veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/*.eml/*.nws/*.EML/*.NWS/*.{*}/*.doc/*.DOC/*.xls/*.XLS/*.ldb/*.LDB/*.ppt/*.PPT/*.pub/*.PUB/*.pst/*.PST/*.pmm/*.PMM/*.pmi/*.PMI/*.cnm/*.CNM
        map system = No
        map hidden = No
        map archive = Yes
        mangled names = Yes
        mangled map =
        store dos attributes = No
        browseable = Yes
        blocking locks = Yes
        csc policy = manual
        fake oplocks = No
        locking = Yes
        oplocks = Yes
        level2 oplocks = Yes
        oplock contention limit = 2
        posix locking = Yes
        strict locking = Yes
        share modes = Yes
        copy =
        include =
        preexec =
        preexec close = No
        postexec =
        root preexec =
        root preexec close = No
        root postexec =
        available = Yes
        volume =
        fstype = NTFS
        set directory = No
        wide links = Yes
        follow symlinks = Yes
        dont descend =
        magic script =
        magic output =
        delete readonly = No
        dos filemode = No
        dos filetimes = Yes
        dos filetime resolution = Yes
        fake directory create times = No
        vfs objects =
        msdfs root = No
        msdfs proxy =

Thanks for any help in how I tell samba about the linux gid numbers.

Regards,
--
Urs Rau
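The filesystem step described in the posts above (re-grouping every file and directory owned by an old gid), as an added example that is not part of the original thread and not Samba code. GID_MAP holds the two pairs given in the post; the function names are hypothetical, and the sketch covers only file ownership, not any group data Samba itself keeps.

```python
import os
import stat

# Old -> new gid pairs; 88->535 and 91->632 are the two examples given in
# the post, the remaining pairs would be added here.
GID_MAP = {88: 535, 91: 632}

def plan_gid_changes(root, gid_map):
    """Return [(path, old_gid, new_gid, mode)] for every entry under root
    whose group is a key of gid_map. Symlinks are never followed and other
    filesystems (e.g. mounts with their own numbering) are not entered."""
    root_dev = os.lstat(root).st_dev
    plan = []

    def consider(path):
        st = os.lstat(path)
        if st.st_dev == root_dev and st.st_gid in gid_map:
            plan.append((path, st.st_gid, gid_map[st.st_gid], st.st_mode))
        return st

    consider(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            consider(os.path.join(dirpath, name))
        keep = []
        for name in dirnames:
            st = consider(os.path.join(dirpath, name))
            if st.st_dev == root_dev:
                keep.append(name)
        dirnames[:] = keep  # prune mount points, like find -xdev
    return plan

def apply_plan(plan, lchown=os.lchown):
    """Apply a plan and return the paths changed. Each entry is re-checked
    first, so a file re-grouped since planning is left alone."""
    changed = []
    for path, old_gid, new_gid, mode in plan:
        if os.lstat(path).st_gid != old_gid:
            continue
        lchown(path, -1, new_gid)  # -1 keeps the owner; acts on the link itself
        # chown can clear setuid/setgid bits on executables; put the original
        # mode back (a symlink has no meaningful mode of its own).
        if not stat.S_ISLNK(mode) and os.lstat(path).st_mode != mode:
            os.chmod(path, stat.S_IMODE(mode))
        changed.append(path)
    return changed
```

Review the list returned by plan_gid_changes before calling apply_plan, which needs root to assign arbitrary groups. Building the whole plan before changing anything keeps a new gid from being matched a second time if it also appears as an old one.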