On Mon, Nov 2, 2009 at 6:06 PM, Wayne Rasmussen <[email protected]>wrote:
> Backendwise, it has to be local, we don't have any write permission to AD > or > LDAP. > > If I do: wbinfo -n knixon, I get the ssid back. Taking it to the next > level > with: > wbinfo -S `wbinfo -n knixon` gets me: > Could not convert sid S-1-5-21-1606980848-1644491937-839522115-152478 to > uid > So it looks like we are getting what we need from AD and that I just have > some kind of issue with the smb.conf configuration. > > > Just FYI, hash and rid does not write anything to AD. In fact, I don't think either write anything anywhere, they are generated on the fly. Hash takes the 31-bit uid/gid and for the higher end bits, hashes the domain, on the lower end of the bits, it hashes the user/group part of the SID to make the UID/GID. In RID, it takes a portion of the user/group sid and adds it to the low end of the range, up to the max end that you specify. That is very high level, but the jest of it. I personally like the hash as I don't have to make sure my ranges are the same across boxes (or that my max is high enough) and it works well with trusted domains, a downfall of rid. I do think you need a backend of some sort though. I haven't tried without it, but it really seems to be needed. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
