Re: [Samba] rid/autorid issues 3.6.2
You're probably seeing this: https://bugzilla.samba.org/show_bug.cgi?id=8676 For me, started with 3.5 to 3.6 upgrade. Dale Thanks, that does appear to be it. Guess I'm stuck with TDB until there's a fix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rid/autorid issues 3.6.2
On 02/23/2012 5:59 PM, dack wrote: I'm having issues with idmap autorid and rid on 3.6.2. If I use tdb backend, it works fine. If I do "wbinfo -i testuser" when using rid/autorid, I get this: failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user testuser The same command with tdb returns the info as expected. wbinfo -u and wbinfo -g work fine under all configurations. I could not find anything relevant on bugzilla either. Anyone have any ideas? Here's my settings: #with tdb (this works perfectly) idmap config MYDOMAIN : range = 2 - 2000 idmap config MYDOMAIN : backend = tdb #with rid (does not work) idmap config MYDOMAIN : range = 2 - 2000 idmap config MYDOMAIN : backend = rid You're probably seeing this: https://bugzilla.samba.org/show_bug.cgi?id=8676 For me, started with 3.5 to 3.6 upgrade. Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] rid/autorid issues 3.6.2
I'm having issues with idmap autorid and rid on 3.6.2. If I use tdb backend, it works fine. If I do "wbinfo -i testuser" when using rid/autorid, I get this: failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user testuser The same command with tdb returns the info as expected. wbinfo -u and wbinfo -g work fine under all configurations. I could not find anything relevant on bugzilla either. Anyone have any ideas? Here's my settings: #with tdb (this works perfectly) idmap config MYDOMAIN : range = 2 - 2000 idmap config MYDOMAIN : backend = tdb #with rid (does not work) idmap config MYDOMAIN : range = 2 - 2000 idmap config MYDOMAIN : backend = rid -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rid generation questions
Please CC to the list. From: steff...@gmx.de Date: Mon, 05 Sep 2011 19:41:16 +0200 > > If you want to use old way, you have to use 'old' passdb such as > > smbpasswd or ldapsam_compat instead of ldapsam or tdbsam, although > > they can not keep the detail information of users. > > OK, so far so good. tdbsam is not an option. How does the RID > generation work in 3.5.9 anyway - what is algorithmic rid base for ? "algorithmic rid base" works only under 'old' passdb. > Is this just the start value, the first RID that's being used ? For the 'new' passdb such as ldapsam and tdbsam, the start value is fixed at 1000. > So on first startup sambaNextRid and > sambaNextUserRid get set to this value ? More importantly: How do I > change these values without samba refusing to start, does Samba > store the initial Value for sambaAlgorithmicRidBase in secrets.tdb ? AFAIK, no official method is available. You are using ldapsam, so you may change the start values to change attributes correctly by modifiying LDAP directory directly. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] rid generation questions
Ok, I couldn't find out what sambaAlgorithmicRidBase does but managed to find the source for the RID allocation in pdb_ldap.c where it says: /* Find the largest of the three attributes "sambaNextRid", "sambaNextGroupRid" and "sambaNextUserRid". I gave up on the concept of differentiating between user and group rids, and will use only "sambaNextRid" in the future. But for compatibility reasons I look if others have chosen different strategies -- VL */ Looking at the code I can see that it takes the highest of the three values, increments it and the incremented value is the new RID. So the value of sambaNextRid isn't the next RID but the currently highest RID. Is it safe to use the same strategy if I allocate RIDs via selfmade ldap scripts ? Get the values of all three attributes if they exist, take the highest, increment it in the directory and use the incremented value ? I need to add computer accounts from a server on which I can't (and don't want to) install samba making it impossible to run smbpasswd and would like to allocate the RIDs on my own. Same goes for user accounts which get created via a webmin module. Wouldn't it be safer to set sambaNextRid sambaNextGroupRid and sambaNextUserRid all to the same value ? If someone decides to use for instance sambaNextUserRid in the future and relies on the value being correct wouldn't he be reallocating existing RIDs ? -- NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie! Jetzt informieren: http://www.gmx.net/de/go/freephone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rid generation questions
From: steff...@gmx.de Date: Mon, 05 Sep 2011 16:51:57 +0200 > I have a few questions to ask... I am about to migrate from Samba 2 > to 3 (3.5.9). I am going to use LDAP as backend in the future and > came across something I don't understand. As far as I know the 'old' > way to generate RIDs for users is to take their uidnumber, multiply > it by two and add 1000. For computer accounts it would be 1001 > instead of 1000. I am now trying to figure out how this works with > 3.5.9 and ldapsam and if it is possible to re-enable the old > behaviour. If you want to use old way, you have to use 'old' passdb such as smbpasswd or ldapsam_compat instead of ldapsam or tdbsam, although they can not keep the detail information of users. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] rid generation questions
Hello list, I have a few questions to ask... I am about to migrate from Samba 2 to 3 (3.5.9). I am going to use LDAP as backend in the future and came across something I don't understand. As far as I know the 'old' way to generate RIDs for users is to take their uidnumber, multiply it by two and add 1000. For computer accounts it would be 1001 instead of 1000. I am now trying to figure out how this works with 3.5.9 and ldapsam and if it is possible to re-enable the old behaviour. The only thing I could find was this: http://samba.org/samba/history/samba-3.0.11.html where it says: "Beginning with Samba 3.0.0beta3, the RID allocation functions have been moved into winbindd. Previously these were handled by each passdb backend. This means that winbindd must be running to automatically allocate RIDs for users and/or groups. Otherwise, smbd will use the 2.2 algorithm for generating new RIDs" I am not using winbindd but I noticed that new RIDs get created independently from the uidnumber of the account. In the Domain Object the value for sambaAlgorithmicRidBase is 1000, still new RIDs for computer accounts get created by incrementing the value of sambaNextRid which is 1027 right now. I tried to increase sambaAlgorithmicRidBase to 1 so there wouldn't be a collision between old samba 3 accounts and the new ones but this only lead to smbd refusing to start saying that "The value of 'algorithmic RID base' has changed since the LDAP database was initialised.". Since the whole shebang isn't online yet I only have a handful of computer accounts for testing purposes with RIDs in the unwanted 1000s which I could delete. To make a long story short: how do I tell samba to just use the old behaviour for allocation RIDs ? Or if that's not possible: how do I change the algorithmic RID base afterwards ? Thanks, Stephan -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rid of crash and server crash.
On Thu, Nov 19, 2009 at 01:23:55PM +0100, bluedefense bluedefense wrote: > 2009/11/19 Volker Lendecke : > > >> > >> > >> I have one crash every 3 or 4 minutes of smbd and 2 or 3 crash of kernel > >> per > >> day. > >> Those was started since 3 or 4 days... but before It was a uptime of 2 or 3 > >> hundreds of days. > >> I have about 100 clients xp with some 2003 server. > >> > >> Anyone can help me ? > > > > Can you show us your /etc/nsswitch.conf? > > > > Can you run that under valgrind? > > > I'm sure that nsswitch.conf is ok because I dont touch it since years But maybe one of the modules you refer to has changed? Or did you not do any kind of system updates in years? Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rid of crash and server crash.
2009/11/19 Volker Lendecke : >> >> >> I have one crash every 3 or 4 minutes of smbd and 2 or 3 crash of kernel per >> day. >> Those was started since 3 or 4 days... but before It was a uptime of 2 or 3 >> hundreds of days. >> I have about 100 clients xp with some 2003 server. >> >> Anyone can help me ? > > Can you show us your /etc/nsswitch.conf? > > Can you run that under valgrind? I'm sure that nsswitch.conf is ok because I dont touch it since years about valgrind sorry but I really dont know how tu use it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rid of crash and server crash.
On Wed, Nov 18, 2009 at 05:34:05PM +0100, bluedefense bluedefense wrote: > Hi I have a production server with samba 3.0.24 on a debian etch (old > stable) with openldap to manage user accounts. > The following is the backtrace of smbd: > > smbd[3942]: INTERNAL ERROR: Signal 11 in pid 3942 (3.0.24) > smbd[3942]: Please read the Trouble-Shooting section of the Samba3-HOWTO > smbd[3942]: [2009/11/18 17:20:40, 0] lib/fault.c:fault_report(44) > smbd[3942]: > smbd[3942]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf > smbd[3942]: [2009/11/18 17:20:40, 0] lib/fault.c:fault_report(45) > smbd[3942]: > === > smbd[3942]: [2009/11/18 17:20:40, 0] lib/util.c:smb_panic(1599) > smbd[3942]: PANIC (pid 3942): internal error > smbd[3942]: [2009/11/18 17:20:40, 0] lib/util.c:log_stack_trace(1706) > smbd[3942]: BACKTRACE: 25 stack frames: > smbd[3942]:#0 /usr/sbin/smbd(log_stack_trace+0x23) [0x822c3d3] > smbd[3942]:#1 /usr/sbin/smbd(smb_panic+0x46) [0x822c4c6] > smbd[3942]:#2 /usr/sbin/smbd [0x821a69a] > smbd[3942]:#3 [0xb7fc7420] > smbd[3942]:#4 /lib/tls/libc.so.6 [0xb7d20f82] > smbd[3942]:#5 /lib/tls/libc.so.6 [0xb7d21277] > smbd[3942]:#6 /lib/tls/libc.so.6(getpwuid_r+0x143) [0xb7cb2743] > smbd[3942]:#7 /lib/tls/libc.so.6(getpwuid+0x7a) [0xb7cb20aa] > smbd[3942]:#8 /usr/sbin/smbd [0x81e9c3d] > smbd[3942]:#9 /usr/sbin/smbd(pdb_uid_to_rid+0x22) [0x81eb1f2] > smbd[3942]:#10 /usr/sbin/smbd(uid_to_sid+0xfe) [0x81ef7ee] > smbd[3942]:#11 /usr/sbin/smbd [0x80e43db] > smbd[3942]:#12 /usr/sbin/smbd(get_nt_acl+0x205) [0x80e7ff5] > smbd[3942]:#13 /usr/sbin/smbd(is_visible_file+0x2a5) [0x8095a45] > smbd[3942]:#14 /usr/sbin/smbd [0x8095e2b] > smbd[3942]:#15 /usr/sbin/smbd(dptr_ReadDirName+0x32) [0x8095e72] > smbd[3942]:#16 /usr/sbin/smbd [0x80c7c63] > smbd[3942]:#17 /usr/sbin/smbd [0x80cab3e] > smbd[3942]:#18 /usr/sbin/smbd(handle_trans2+0x1cf) [0x80cb39f] > smbd[3942]:#19 /usr/sbin/smbd(reply_trans2+0x64c) [0x80d112c] > smbd[3942]:#20 /usr/sbin/smbd [0x80ea674] > smbd[3942]:#21 /usr/sbin/smbd(smbd_process+0x6fd) [0x80eb83d] > smbd[3942]:#22 /usr/sbin/smbd(main+0x10df) [0x82c384f] > smbd[3942]:#23 /lib/tls/libc.so.6(__libc_start_main+0xc8) [0xb7c39ea8] > smbd[3942]:#24 /usr/sbin/smbd [0x8082b11] > smbd[3942]: [2009/11/18 17:20:40, 0] lib/fault.c:dump_core(173) > smbd[3942]: dumping core in /var/log/samba/cores/smbd > smbd[3942]: > > > I have one crash every 3 or 4 minutes of smbd and 2 or 3 crash of kernel per > day. > Those was started since 3 or 4 days... but before It was a uptime of 2 or 3 > hundreds of days. > I have about 100 clients xp with some 2003 server. > > Anyone can help me ? Can you show us your /etc/nsswitch.conf? Can you run that under valgrind? Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] rid of crash and server crash.
Hi I have a production server with samba 3.0.24 on a debian etch (old stable) with openldap to manage user accounts. The following is the backtrace of smbd: smbd[3942]: INTERNAL ERROR: Signal 11 in pid 3942 (3.0.24) smbd[3942]: Please read the Trouble-Shooting section of the Samba3-HOWTO smbd[3942]: [2009/11/18 17:20:40, 0] lib/fault.c:fault_report(44) smbd[3942]: smbd[3942]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf smbd[3942]: [2009/11/18 17:20:40, 0] lib/fault.c:fault_report(45) smbd[3942]: === smbd[3942]: [2009/11/18 17:20:40, 0] lib/util.c:smb_panic(1599) smbd[3942]: PANIC (pid 3942): internal error smbd[3942]: [2009/11/18 17:20:40, 0] lib/util.c:log_stack_trace(1706) smbd[3942]: BACKTRACE: 25 stack frames: smbd[3942]:#0 /usr/sbin/smbd(log_stack_trace+0x23) [0x822c3d3] smbd[3942]:#1 /usr/sbin/smbd(smb_panic+0x46) [0x822c4c6] smbd[3942]:#2 /usr/sbin/smbd [0x821a69a] smbd[3942]:#3 [0xb7fc7420] smbd[3942]:#4 /lib/tls/libc.so.6 [0xb7d20f82] smbd[3942]:#5 /lib/tls/libc.so.6 [0xb7d21277] smbd[3942]:#6 /lib/tls/libc.so.6(getpwuid_r+0x143) [0xb7cb2743] smbd[3942]:#7 /lib/tls/libc.so.6(getpwuid+0x7a) [0xb7cb20aa] smbd[3942]:#8 /usr/sbin/smbd [0x81e9c3d] smbd[3942]:#9 /usr/sbin/smbd(pdb_uid_to_rid+0x22) [0x81eb1f2] smbd[3942]:#10 /usr/sbin/smbd(uid_to_sid+0xfe) [0x81ef7ee] smbd[3942]:#11 /usr/sbin/smbd [0x80e43db] smbd[3942]:#12 /usr/sbin/smbd(get_nt_acl+0x205) [0x80e7ff5] smbd[3942]:#13 /usr/sbin/smbd(is_visible_file+0x2a5) [0x8095a45] smbd[3942]:#14 /usr/sbin/smbd [0x8095e2b] smbd[3942]:#15 /usr/sbin/smbd(dptr_ReadDirName+0x32) [0x8095e72] smbd[3942]:#16 /usr/sbin/smbd [0x80c7c63] smbd[3942]:#17 /usr/sbin/smbd [0x80cab3e] smbd[3942]:#18 /usr/sbin/smbd(handle_trans2+0x1cf) [0x80cb39f] smbd[3942]:#19 /usr/sbin/smbd(reply_trans2+0x64c) [0x80d112c] smbd[3942]:#20 /usr/sbin/smbd [0x80ea674] smbd[3942]:#21 /usr/sbin/smbd(smbd_process+0x6fd) [0x80eb83d] smbd[3942]:#22 /usr/sbin/smbd(main+0x10df) [0x82c384f] smbd[3942]:#23 /lib/tls/libc.so.6(__libc_start_main+0xc8) [0xb7c39ea8] smbd[3942]:#24 /usr/sbin/smbd [0x8082b11] smbd[3942]: [2009/11/18 17:20:40, 0] lib/fault.c:dump_core(173) smbd[3942]: dumping core in /var/log/samba/cores/smbd smbd[3942]: I have one crash every 3 or 4 minutes of smbd and 2 or 3 crash of kernel per day. Those was started since 3 or 4 days... but before It was a uptime of 2 or 3 hundreds of days. I have about 100 clients xp with some 2003 server. Anyone can help me ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RID idmap backend: difficulties looking up a user by its uid
Thanks for your answer, Dale. You were right, I had that line wrong. However, I think it just affected what uids the users would get, because the problem remains. I have configured the TDB, LDAP and AD backends successfully; only the RID backend gives me the problem I explained in my original message. I tried using the "idmap config" directive as well... idmap backend = tdb idmap uid = 100-110 idmap gid = 100-110 idmap config WBLABB : backend = rid idmap config WBLABB : range= 1 - 100 winbind use default domain = yes ...with the same result, i.e I need to retrieve the "passwd" entry by username before I can do the reverse. Jakob Dale Schroeder wrote: I believe smb.conf line should be idmap backend = rid:DOMAIN=10-1000 Dale Jakob Ahlin wrote: Hi, I'm having a problem using the RID idmap backend with Winbind. Having configured NSS with the Winbind module, I can use "getent passwd" to look up a user by its username, but not by its uidnumber. However, if I first do a lookup using the username or run wbinfo on the user (specifying either the username or uid), and then try "getent passwd" with the uidnumber, I get the correct result. See here: debianrid:~# getent passwd 161907 debianrid:~# wbinfo --uid-info 161907 lokr:*:161907:100513:Lovisa Kristiansson (lokr):/home/WBLABB/lokr:/bin/sh debianrid:~# getent passwd 161907 lokr:*:161907:100513:Lovisa Kristiansson (lokr):/home/WBLABB/lokr:/bin/sh debianrid:~# Related smb.conf lines: idmap backend = rid idmap uid = 10-1000 idmap gid = 10-1000 winbind use default domain = yes winbind enum groups = yes winbind enum users = yes Version information: Version 3.3.7-SerNet-Debian From log.winbindd-idmap: [2009/08/12 10:13:58, 0] lib/module.c:do_smb_load_module(69) Module '/usr/lib/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION [2009/08/12 10:13:58, 1] winbindd/idmap.c:idmap_alloc_init(580) could not find idmap alloc module rid Any ideas? Regards, Jakob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] RID idmap backend: difficulties looking up a user by its uid
I believe smb.conf line should be idmap backend = rid:DOMAIN=10-1000 Dale Jakob Ahlin wrote: Hi, I'm having a problem using the RID idmap backend with Winbind. Having configured NSS with the Winbind module, I can use "getent passwd" to look up a user by its username, but not by its uidnumber. However, if I first do a lookup using the username or run wbinfo on the user (specifying either the username or uid), and then try "getent passwd" with the uidnumber, I get the correct result. See here: debianrid:~# getent passwd 161907 debianrid:~# wbinfo --uid-info 161907 lokr:*:161907:100513:Lovisa Kristiansson (lokr):/home/WBLABB/lokr:/bin/sh debianrid:~# getent passwd 161907 lokr:*:161907:100513:Lovisa Kristiansson (lokr):/home/WBLABB/lokr:/bin/sh debianrid:~# Related smb.conf lines: idmap backend = rid idmap uid = 10-1000 idmap gid = 10-1000 winbind use default domain = yes winbind enum groups = yes winbind enum users = yes Version information: Version 3.3.7-SerNet-Debian From log.winbindd-idmap: [2009/08/12 10:13:58, 0] lib/module.c:do_smb_load_module(69) Module '/usr/lib/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION [2009/08/12 10:13:58, 1] winbindd/idmap.c:idmap_alloc_init(580) could not find idmap alloc module rid Any ideas? Regards, Jakob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] RID idmap backend: difficulties looking up a user by its uid
Hi, I'm having a problem using the RID idmap backend with Winbind. Having configured NSS with the Winbind module, I can use "getent passwd" to look up a user by its username, but not by its uidnumber. However, if I first do a lookup using the username or run wbinfo on the user (specifying either the username or uid), and then try "getent passwd" with the uidnumber, I get the correct result. See here: debianrid:~# getent passwd 161907 debianrid:~# wbinfo --uid-info 161907 lokr:*:161907:100513:Lovisa Kristiansson (lokr):/home/WBLABB/lokr:/bin/sh debianrid:~# getent passwd 161907 lokr:*:161907:100513:Lovisa Kristiansson (lokr):/home/WBLABB/lokr:/bin/sh debianrid:~# Related smb.conf lines: idmap backend = rid idmap uid = 10-1000 idmap gid = 10-1000 winbind use default domain = yes winbind enum groups = yes winbind enum users = yes Version information: Version 3.3.7-SerNet-Debian From log.winbindd-idmap: [2009/08/12 10:13:58, 0] lib/module.c:do_smb_load_module(69) Module '/usr/lib/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION [2009/08/12 10:13:58, 1] winbindd/idmap.c:idmap_alloc_init(580) could not find idmap alloc module rid Any ideas? Regards, Jakob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rid generation
Den Friday 19 September 2008 09:48:38 skrev Nuno Fernandes: > On Thursday 18 September 2008 18:26:00 Helmut Hullen wrote: > > Hallo, Nuno, > > > > Du (npf-mlists) meintest am 18.09.08: > > > If i have smbpasswd with: > > > > > > user1:1416:803A317873C24BBDAAD3B435B51404EE:2DF2CB1538FE718DE034707A5 > > > 21AA893: [U ]:LCT-1221415636: > > > > > > [EMAIL PROTECTED] samba]# pdbedit -L -v user1 > > > User SID: S-1-5-21-1454471165-2146950999-672003340-1416 > > > > > > Where does it get the 1416 Rid from? > > > > What tells > > > > getent passwd user1 > > > > The Samba Rid looks like the Linux group ID. > > > > Viele Gruesse! > > Helmut > > Nop.. it's not the uid... > > # pdbedit -L -v user2|grep SID; getent passwd user2 > User SID: S-1-5-21-1713105005-2794899747-1095719273-4648 > Primary Group SID:S-1-5-21-1713105005-2794899747-1095719273-513 > user2:x:1824:1824::/home/user1:/sbin/nologin > > Best regards, > Nuno Fernandes It's the following algorithm tas used: uid*2+1000 1824*2+1000=4648 /Ulf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rid generation
On Thursday 18 September 2008 18:27:11 John H Terpstra wrote: > On Thursday 18 September 2008 11:48:44 Nuno Fernandes wrote: > > On Thursday 18 September 2008 15:37:21 Hari Sekhon wrote: > > > Nuno Fernandes wrote: > > > > [EMAIL PROTECTED] samba]# pdbedit -L -v user1 > > > > User SID: S-1-5-21-1454471165-2146950999-672003340-1416 > > > > > > > > Where does it get the 1416 Rid from? > > > > > > Samba does not generate the Rid, that is a Microsoft Domain Controller > > > function (allocation of rids is controlled through the Rid master if I > > > remember my MCSE days correctly) > > > > > > Samba is simply querying the domain controller for the Sid. If samba is > > > being used as a dc, then I guess it must basically do the same thing as > > > Microsoft and generate the rid from 1000 onwards incrementally for each > > > user, similar to what happens for unix uids I expect, since rids and > > > uids are basically the same idea on different platforms. > > > > > > -h > > > > I don't have any windows domain controler. This samba server is the > > domain controller. What i would like to know is how does samba generated > > the RID part? Is it based on what? How is it calculated? > > > > Best regards, > > Nuno Fernandes > > Did you check the Samba3-HOWTO? It is available on-line in HTML or in PDF. > The HTML version is at http://www.samba.org/samba/docs. The PDF can be > downloaded from: > http://www.samba.org/samba/docs/Samba3-HOWTO.pdf > > The PDF has hotlinked index at the back, you will find RID listed in the > index. > > If this does not answer your question please let me know. Hi, I've read the docs and can only find (in page 238) the default rids for some of the users and groups used by windows. The problem is that i'm trying to migrate from AD to samba. I've used some dump tools to generate the smbpasswd of the domain. Next i do pdbedit -i to import it to tdb. But i want to make sure that the sids remain the same so that the the local profiles remain accessible. So i would like to know how does pdbedit get the rids from? Is it from the unix UID and if so, i would have to create the users with special UIDs so that later on when i do the pdbedit import the users RID is correctly defined. Thanks Nuno Fernandes > > - John T. > -- > John H Terpstra > > "Don't do as I do; Show me better!" - Anonymous. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rid generation
On Thursday 18 September 2008 18:26:00 Helmut Hullen wrote: > Hallo, Nuno, > > Du (npf-mlists) meintest am 18.09.08: > > If i have smbpasswd with: > > > > user1:1416:803A317873C24BBDAAD3B435B51404EE:2DF2CB1538FE718DE034707A5 > > 21AA893: [U ]:LCT-1221415636: > > > > [EMAIL PROTECTED] samba]# pdbedit -L -v user1 > > User SID: S-1-5-21-1454471165-2146950999-672003340-1416 > > > > Where does it get the 1416 Rid from? > > What tells > > getent passwd user1 > > The Samba Rid looks like the Linux group ID. > > Viele Gruesse! > Helmut Nop.. it's not the uid... # pdbedit -L -v user2|grep SID; getent passwd user2 User SID: S-1-5-21-1713105005-2794899747-1095719273-4648 Primary Group SID:S-1-5-21-1713105005-2794899747-1095719273-513 user2:x:1824:1824::/home/user1:/sbin/nologin Best regards, Nuno Fernandes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rid generation
Hallo, Nuno, Du (npf-mlists) meintest am 18.09.08: > If i have smbpasswd with: > user1:1416:803A317873C24BBDAAD3B435B51404EE:2DF2CB1538FE718DE034707A5 > 21AA893: [U ]:LCT-1221415636: > [EMAIL PROTECTED] samba]# pdbedit -L -v user1 > User SID: S-1-5-21-1454471165-2146950999-672003340-1416 > Where does it get the 1416 Rid from? What tells getent passwd user1 The Samba Rid looks like the Linux group ID. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rid generation
On Thursday 18 September 2008 11:48:44 Nuno Fernandes wrote: > On Thursday 18 September 2008 15:37:21 Hari Sekhon wrote: > > Nuno Fernandes wrote: > > > [EMAIL PROTECTED] samba]# pdbedit -L -v user1 > > > User SID: S-1-5-21-1454471165-2146950999-672003340-1416 > > > > > > Where does it get the 1416 Rid from? > > > > Samba does not generate the Rid, that is a Microsoft Domain Controller > > function (allocation of rids is controlled through the Rid master if I > > remember my MCSE days correctly) > > > > Samba is simply querying the domain controller for the Sid. If samba is > > being used as a dc, then I guess it must basically do the same thing as > > Microsoft and generate the rid from 1000 onwards incrementally for each > > user, similar to what happens for unix uids I expect, since rids and > > uids are basically the same idea on different platforms. > > > > -h > > I don't have any windows domain controler. This samba server is the domain > controller. What i would like to know is how does samba generated the RID > part? Is it based on what? How is it calculated? > > Best regards, > Nuno Fernandes Did you check the Samba3-HOWTO? It is available on-line in HTML or in PDF. The HTML version is at http://www.samba.org/samba/docs. The PDF can be downloaded from: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf The PDF has hotlinked index at the back, you will find RID listed in the index. If this does not answer your question please let me know. - John T. -- John H Terpstra "Don't do as I do; Show me better!" - Anonymous. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rid generation
Nuno Fernandes wrote: On Thursday 18 September 2008 15:37:21 Hari Sekhon wrote: Nuno Fernandes wrote: [EMAIL PROTECTED] samba]# pdbedit -L -v user1 User SID: S-1-5-21-1454471165-2146950999-672003340-1416 Where does it get the 1416 Rid from? it must basically do the same thing as Microsoft and generate the rid from 1000 onwards incrementally for each user, similar to what happens for unix uids I expect, since rids and uids are basically the same idea on different platforms. I don't have any windows domain controler. This samba server is the domain controller. What i would like to know is how does samba generated the RID part? Is it based on what? How is it calculated My guess would be that it's incremental, like on Windows, as I mentioned above. How else would you generate it? How are uids generate on unix systems? Incrementally. Can any samba dev confirm this? Or perhaps you could just create a few users and see the Rid incrementing each time? -h -- Hari Sekhon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rid generation
On Thursday 18 September 2008 15:37:21 Hari Sekhon wrote: > Nuno Fernandes wrote: > > [EMAIL PROTECTED] samba]# pdbedit -L -v user1 > > User SID: S-1-5-21-1454471165-2146950999-672003340-1416 > > > > Where does it get the 1416 Rid from? > > Samba does not generate the Rid, that is a Microsoft Domain Controller > function (allocation of rids is controlled through the Rid master if I > remember my MCSE days correctly) > > Samba is simply querying the domain controller for the Sid. If samba is > being used as a dc, then I guess it must basically do the same thing as > Microsoft and generate the rid from 1000 onwards incrementally for each > user, similar to what happens for unix uids I expect, since rids and > uids are basically the same idea on different platforms. > > -h I don't have any windows domain controler. This samba server is the domain controller. What i would like to know is how does samba generated the RID part? Is it based on what? How is it calculated? Best regards, Nuno Fernandes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rid generation
Nuno Fernandes wrote: [EMAIL PROTECTED] samba]# pdbedit -L -v user1 User SID: S-1-5-21-1454471165-2146950999-672003340-1416 Where does it get the 1416 Rid from? Samba does not generate the Rid, that is a Microsoft Domain Controller function (allocation of rids is controlled through the Rid master if I remember my MCSE days correctly) Samba is simply querying the domain controller for the Sid. If samba is being used as a dc, then I guess it must basically do the same thing as Microsoft and generate the rid from 1000 onwards incrementally for each user, similar to what happens for unix uids I expect, since rids and uids are basically the same idea on different platforms. -h -- Hari Sekhon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Rid generation
Hi, If i have smbpasswd with: user1:1416:803A317873C24BBDAAD3B435B51404EE:2DF2CB1538FE718DE034707A521AA893: [U ]:LCT-1221415636: and i do: pdbedit -i smbpasswd:file And SID for domain SERVER is: S-1-5-21-1454471165-2146950999-672003340 How does samba generate the rid part of that users sid? [EMAIL PROTECTED] samba]# pdbedit -L -v user1 User SID: S-1-5-21-1454471165-2146950999-672003340-1416 Where does it get the 1416 Rid from? Thanks, Nuno Fernandes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RID
I have my PDC up and running with the old (migrated PCs) I am trying to add a new PC (XP Pro) It doesn't seem to work from the XP Join Domain Dialogue I have added an account with adduser But [EMAIL PROTECTED] samba]# pdbedit -a -m -u AZURE tdb_update_sam: SAM_ACCOUNT (azure$) with no RID! Unable to add machine! (does it already exist?) [EMAIL PROTECTED] samba]# Any idea where I might be going wrong? :-( TIA Simon -- Simon Faulkner Dedicated Programmes 01538 303 900 07771 845 326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RID question. Samba 3.0.11
I have a RHAS3 test server (3.0.11) with a single XP 5 ws connected. I also have a high school RHAS3/3.0.11 server going into production (as a PDC) next week or thereabout. With mostly Windows 2000 workstations. In the Samba HOWTO the well-known RIDs are detailed, with numeric values. It is stressed (in the HOWTO) that Windows workstations take note of well-known RIDs (appended to localsids). However, when I install a new domain workstation on my test rig: 1: from the HOWTO the RID is supposed to e 515; however: 2: when the trust account is installed by the NT4 SRVMGR.EXE on my XP client, the RID gets to be 513; 3: when installed using 'smbpasswd -a -m' Samba creates its own algorithmic RID. My XP client doesn't seem to take the blindest bit of notice of the RID. The machine trust account is accepted, whatever the value of the RID is. 4: the same applies to the Administrator RID. It's supposed to be 500, but the XP machine accepts DOMAIN\Administrator as God, whatever his RID is, even if it's 3. What gives? --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RID/SIDs
Unfortunatly its in spanish On Sat, 29 Jan 2005 17:06:59 +0100 (CET), Tony Earnshaw <[EMAIL PROTECTED]> wrote: > Daniel Corbe: > > > The smbldap-adduser function works fantastically for adding new > > accounts to the system. I already have existing accounts though in LDAP > > that I need to add all the Samba attributes to. I was just going to write > > a quick and dirty little perl script for it; however I need to understand > > how the individual users are assigned SIDs first. > > The info in this entire thread, plus the answer to what you ask, is > included in the Samba (v.3) PDC LDAP howto by Ignacio Coupeau, CTI, > University of Navarra, http://www.unav.es/. Obviously the RID/SID stuff > has to be known, to enable meaningful LDAP administration. > > I'm an utter newbie to Samba (o.k., v 3.0.9 works fine for me as an > XP/2000 PDC with openldap 2.2.17), but I'm still finding things out at the > rate of knots, after a couple of weeks from scratch. Surprisingly enough, > the help facility on my single home Windows XP workstation is a gem on > RID/SID information, well written too. No, I do not normally like Windows > (or Microsoft in general). > > --Tonni > > -- > mail: [EMAIL PROTECTED] > http://www.billy.demon.nl > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RID/SIDs
Daniel Corbe: > The smbldap-adduser function works fantastically for adding new > accounts to the system. I already have existing accounts though in LDAP > that I need to add all the Samba attributes to. I was just going to write > a quick and dirty little perl script for it; however I need to understand > how the individual users are assigned SIDs first. The info in this entire thread, plus the answer to what you ask, is included in the Samba (v.3) PDC LDAP howto by Ignacio Coupeau, CTI, University of Navarra, http://www.unav.es/. Obviously the RID/SID stuff has to be known, to enable meaningful LDAP administration. I'm an utter newbie to Samba (o.k., v 3.0.9 works fine for me as an XP/2000 PDC with openldap 2.2.17), but I'm still finding things out at the rate of knots, after a couple of weeks from scratch. Surprisingly enough, the help facility on my single home Windows XP workstation is a gem on RID/SID information, well written too. No, I do not normally like Windows (or Microsoft in general). --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RID/SIDs
Every user has to have a unique SID right? Here's my problem The smbldap-adduser function works fantastically for adding new accounts to the system. I already have existing accounts though in LDAP that I need to add all the Samba attributes to. I was just going to write a quick and dirty little perl script for it; however I need to understand how the individual users are assigned SIDs first. -Daniel On Fri, 28 Jan 2005 09:37:14 -0700, John H Terpstra <[EMAIL PROTECTED]> wrote: > On Friday 28 January 2005 09:26, Christian HAESSIG wrote: > > Hi, > > > > does this mean that, in an ads domain, the net getlocalsid command must > > return the sid of the ads domain ? > > The domain SID for a remote domain can be obtained by executing: > > net getlocalsid 'DOMAIN' -S [PDC | BDC] > > - John T. > > > > > Thanks for your answers, > > > > Christian > > > > > -Message d'origine- > > > De : [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] > > > rg]De la part de John H Terpstra > > > Envoyé : vendredi 28 janvier 2005 17:08 > > > À : samba@lists.samba.org; Daniel Corbe > > > Objet : Re: [Samba] RID/SIDs > > > > > > On Friday 28 January 2005 07:52, Daniel Corbe wrote: > > > > Hey > > > > > > > > Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and > > > > how to generate them properly? > > > > > > The SID is generated automatically by Samba. If you change a > > > Samba server name > > > or workgroup name a new SID will be generated. This is a strong > > > argument in > > > favor of backing up the SID. You can obtain the SID of the Samba > > > server by > > > executing: > > > > > > net getlocalsid > > > SID for domain FRODO is: S-1-5-21-726309263-4128913604-1168186429 > > > > > > The SID can be restored by executing: > > > net setlocalsid S-1-5-21-726309263-4128913604-1168186429 > > > > > > In a Windows NT4 or ADS domain the RID is generated as the > > > account is created. > > > The user SID = domain_SID+RID, in the above case the SID for my > > > user account > > > is S-1-5-21-726309263-4128913604-1168186429-4214. > > > > > > Samba uses an algorithm to create a RID from the users UID. The default > > > algorithm is: RID = (UID x 2) + 1000 > > > > > > The best source of documentation for how this is handled in Samba > > > is in the > > > source code. > > > > > > - John T. > > > -- > > > John H Terpstra > > > Samba-Team Member > > > Phone: +1 (650) 580-8668 > > > > > > Author: > > > The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 > > > Samba-3 by Example, ISBN: 0131472216 > > > Hardening Linux, ISBN: 0072254971 > > > Other books in production. > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- > John H Terpstra > Samba-Team Member > Phone: +1 (650) 580-8668 > > Author: > The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 > Samba-3 by Example, ISBN: 0131472216 > Hardening Linux, ISBN: 0072254971 > Other books in production. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RID/SIDs
On Friday 28 January 2005 09:26, Christian HAESSIG wrote: > Hi, > > does this mean that, in an ads domain, the net getlocalsid command must > return the sid of the ads domain ? The domain SID for a remote domain can be obtained by executing: net getlocalsid 'DOMAIN' -S [PDC | BDC] - John T. > > Thanks for your answers, > > Christian > > > -Message d'origine- > > De : [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > rg]De la part de John H Terpstra > > Envoyé : vendredi 28 janvier 2005 17:08 > > À : samba@lists.samba.org; Daniel Corbe > > Objet : Re: [Samba] RID/SIDs > > > > On Friday 28 January 2005 07:52, Daniel Corbe wrote: > > > Hey > > > > > > Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and > > > how to generate them properly? > > > > The SID is generated automatically by Samba. If you change a > > Samba server name > > or workgroup name a new SID will be generated. This is a strong > > argument in > > favor of backing up the SID. You can obtain the SID of the Samba > > server by > > executing: > > > > net getlocalsid > > SID for domain FRODO is: S-1-5-21-726309263-4128913604-1168186429 > > > > The SID can be restored by executing: > > net setlocalsid S-1-5-21-726309263-4128913604-1168186429 > > > > In a Windows NT4 or ADS domain the RID is generated as the > > account is created. > > The user SID = domain_SID+RID, in the above case the SID for my > > user account > > is S-1-5-21-726309263-4128913604-1168186429-4214. > > > > Samba uses an algorithm to create a RID from the users UID. The default > > algorithm is: RID = (UID x 2) + 1000 > > > > The best source of documentation for how this is handled in Samba > > is in the > > source code. > > > > - John T. > > -- > > John H Terpstra > > Samba-Team Member > > Phone: +1 (650) 580-8668 > > > > Author: > > The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 > > Samba-3 by Example, ISBN: 0131472216 > > Hardening Linux, ISBN: 0072254971 > > Other books in production. > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RID/SIDs
Hi, does this mean that, in an ads domain, the net getlocalsid command must return the sid of the ads domain ? Thanks for your answers, Christian > -Message d'origine- > De : [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > rg]De la part de John H Terpstra > Envoyé : vendredi 28 janvier 2005 17:08 > À : samba@lists.samba.org; Daniel Corbe > Objet : Re: [Samba] RID/SIDs > > > On Friday 28 January 2005 07:52, Daniel Corbe wrote: > > Hey > > > > Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and > > how to generate them properly? > > The SID is generated automatically by Samba. If you change a > Samba server name > or workgroup name a new SID will be generated. This is a strong > argument in > favor of backing up the SID. You can obtain the SID of the Samba > server by > executing: > > net getlocalsid > SID for domain FRODO is: S-1-5-21-726309263-4128913604-1168186429 > > The SID can be restored by executing: > net setlocalsid S-1-5-21-726309263-4128913604-1168186429 > > In a Windows NT4 or ADS domain the RID is generated as the > account is created. > The user SID = domain_SID+RID, in the above case the SID for my > user account > is S-1-5-21-726309263-4128913604-1168186429-4214. > > Samba uses an algorithm to create a RID from the users UID. The default > algorithm is: RID = (UID x 2) + 1000 > > The best source of documentation for how this is handled in Samba > is in the > source code. > > - John T. > -- > John H Terpstra > Samba-Team Member > Phone: +1 (650) 580-8668 > > Author: > The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 > Samba-3 by Example, ISBN: 0131472216 > Hardening Linux, ISBN: 0072254971 > Other books in production. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RID/SIDs
On Friday 28 January 2005 07:52, Daniel Corbe wrote: > Hey > > Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and > how to generate them properly? The SID is generated automatically by Samba. If you change a Samba server name or workgroup name a new SID will be generated. This is a strong argument in favor of backing up the SID. You can obtain the SID of the Samba server by executing: net getlocalsid SID for domain FRODO is: S-1-5-21-726309263-4128913604-1168186429 The SID can be restored by executing: net setlocalsid S-1-5-21-726309263-4128913604-1168186429 In a Windows NT4 or ADS domain the RID is generated as the account is created. The user SID = domain_SID+RID, in the above case the SID for my user account is S-1-5-21-726309263-4128913604-1168186429-4214. Samba uses an algorithm to create a RID from the users UID. The default algorithm is: RID = (UID x 2) + 1000 The best source of documentation for how this is handled in Samba is in the source code. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RID/SIDs
Hey Can someone point me to a FAQ or an RTFM on what SIDs and RIDs are and how to generate them properly? -Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: FW: [Samba] RID to SID Bug? Share ACL Access Denied
Thank you for the response. I tried the suggestions and have found no change. I still see the sid being set to the domain "SAMBASERVER" instead of the W2K ADS domain and the rid logged does not match the actual rid of the user account. <-snip-from machine log> [2004/03/31 15:45:48, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(510) PAC_TYPE_UNKNOWN_10 [2004/03/31 15:45:48, 7] rpc_parse/parse_prs.c:prs_debug(82) 000200 pac_io_unknown_type_10 pac data [2004/03/31 15:45:48, 8] rpc_parse/parse_prs.c:prs_debug(82) 000200 smb_io_time unknown_time [2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0200 low : 719e7000 [2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0204 high: 01c41739 [2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0208 len: 0010 [2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint16s(765) 020a name: t.e.s.t.g.i.r.l. [2004/03/31 15:45:48, 6] rpc_parse/parse_prs.c:prs_debug(82) 00021a pac_io_pac_info_hdr_ctr pac data [2004/03/31 15:45:48, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(452) offset in header(x220) and data(x21c) do not match [2004/03/31 15:45:48, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(481) PAC_TYPE_SERVER_CHECKSUM [2004/03/31 15:45:48, 7] rpc_parse/parse_prs.c:prs_debug(82) 000220 pac_io_pac_signature_data pac data [2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0220 type: ff76 [2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0224 signature: f0 26 d7 63 5d e6 8b 4e 52 40 72 cb 6a f1 ac 16 [2004/03/31 15:45:48, 6] rpc_parse/parse_prs.c:prs_debug(82) 000234 pac_io_pac_info_hdr_ctr pac data [2004/03/31 15:45:48, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(452) offset in header(x238) and data(x234) do not match [2004/03/31 15:45:48, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(495) PAC_TYPE_PRIVSVR_CHECKSUM [2004/03/31 15:45:48, 7] rpc_parse/parse_prs.c:prs_debug(82) 000238 pac_io_pac_signature_data pac data [2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0238 type: ff76 [2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 023c signature: 68 49 32 71 0c 65 b0 f2 05 53 7e 1b 7e 06 52 e2 [2004/03/31 15:45:48, 3] smbd/sesssetup.c:reply_spnego_kerberos(179) Ticket name is [EMAIL PROTECTED] [2004/03/31 15:45:48, 10] smbd/sesssetup.c:reply_spnego_kerberos(220) Mapping [DOMAIN.COM] to short name [2004/03/31 15:45:48, 10] smbd/sesssetup.c:reply_spnego_kerberos(233) Mapped to [DOMAIN] [2004/03/31 15:45:48, 5] lib/username.c:Get_Pwnam(288) Finding user DOMAIN_testgirl [2004/03/31 15:45:48, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is domain_testgirl [2004/03/31 15:45:48, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals did find user [DOMAIN_testgirl]! [2004/03/31 15:45:48, 6] param/loadparm.c:lp_file_list_changed(2653) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Mar 31 15: 43:28 2004 [2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_username(593) pdb_set_username: setting username DOMAIN_testgirl, was [2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493) element 11 -> now SET [2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_fullname(674) pdb_set_full_name: setting full name testgirl, was [2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493) element 12 -> now SET [2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(809) pdb_set_unix_homedir: setting home dir /home/DOMAIN/testgirl, was NULL [2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493) element 21 -> now SET [2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_domain(620) pdb_set_domain: setting domain SAMBASERVER, was [2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_user_sid(520) pdb_set_user_sid: setting user sid S-1-5-21-74637098-2648309090-13861X-210 02 [2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493) element 17 -> now SET [2004/03/31 15:45:48, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-74637098-2648309090-13861X-21002 from rid 21002 <-snip-> >does wbinfo -[tug] all work? >What about 'getent passwd' ? Yes all of these work correctly. Do the PAC errors have something to do with this? As seen above, there are a few in the log: "PAC_TYPE_UNKNOWN_10", "pac_io_unknown_type_10 pac data", "offset in header(x238) and data(x234) do not match". What else can I send that will help nail down the problem here? Thanks again. Steve -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 3:37
FW: [Samba] RID to SID Bug? Share ACL Access Denied
Hi, Is this problem related to this bug? Bugzilla Bug 1165 Samba ADS Kerberos login doesnt resolve correct groups when smbd is su'ing to the uid https://bugzilla.samba.org/show_bug.cgi?id=1165 Anyone? Please respond. I am desperate to get this working. Thank you, Steve -Original Message- From: Aden, Steve Sent: Friday, March 26, 2004 3:24 PM To: [EMAIL PROTECTED] Subject: [Samba] RID to SID Bug? Share ACL Access Denied Hello, I have been trying to work through an Access Denied problem and have found that the user rid is not getting mapped properly. I have yet to figure out where the assigned rid is coming from, but I know is that is incorrect. In the log (level 10) for the connecting computer, I see: "pdb_set_user_sid_from_rid: setting user sid S-1-5-21-74637098-2648309090-13861X-21006 from rid 21006" There are two problems here. One the rid should be 1586 as verified with rpcclient. Also the remainder of the sid does not match the W2K ADS domain the samba server has been joined to. Instead it is the SID of the domain for the samba server as verified with "net getlocalsid": SID for domain SAMBASERVER is: S-1-5-21-74637098-2648309090-13861X "net ads status" shows the SID for the SAMBASERVER: distinguishedName: CN=sambaserver,CN=Computers,DC=domain,DC=com objectSid: S-1-5-21-1202660629-1292428093-18016X-1588 The Winbind log shows the correct lookup of the user and sid from the W2K ADS domain. Since the sid doesn't actually represent the user, the share acl's do not match and causes denial to the share. Tdbdump of the winbindd_idmap.tdb shows the user's UID and actual SID. The UID matches what is listed using "getent passwd". The commands wbinfo, getent, smbclient -k all work. I can kinit a user and access Windows shares from the Samba server, but users cannot connect to the Samba server by name from a Windows client. They can access by ip address, but as I understand it, that method does not use kerberos. This is 3.0.2a-1 on Redhat 9.0 with security = ADS. I have searched the Samba list archives and read man pages and the HOWTO, but haven't been able find an answer to why this is happening. Any help would be greatly appreciated. Thank you, Steve Aden Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender - BF08d9f679.0001.mml -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RID to SID Bug? Share ACL Access Denied
Hello, I have been trying to work through an Access Denied problem and have found that the user rid is not getting mapped properly. I have yet to figure out where the assigned rid is coming from, but I know is that is incorrect. In the log (level 10) for the connecting computer, I see: "pdb_set_user_sid_from_rid: setting user sid S-1-5-21-74637098-2648309090-13861X-21006 from rid 21006" There are two problems here. One the rid should be 1586 as verified with rpcclient. Also the remainder of the sid does not match the W2K ADS domain the samba server has been joined to. Instead it is the SID of the domain for the samba server as verified with "net getlocalsid": SID for domain SAMBASERVER is: S-1-5-21-74637098-2648309090-13861X "net ads status" shows the SID for the SAMBASERVER: distinguishedName: CN=sambaserver,CN=Computers,DC=domain,DC=com objectSid: S-1-5-21-1202660629-1292428093-18016X-1588 The Winbind log shows the correct lookup of the user and sid from the W2K ADS domain. Since the sid doesn't actually represent the user, the share acl's do not match and causes denial to the share. Tdbdump of the winbindd_idmap.tdb shows the user's UID and actual SID. The UID matches what is listed using "getent passwd". The commands wbinfo, getent, smbclient -k all work. I can kinit a user and access Windows shares from the Samba server, but users cannot connect to the Samba server by name from a Windows client. They can access by ip address, but as I understand it, that method does not use kerberos. This is 3.0.2a-1 on Redhat 9.0 with security = ADS. I have searched the Samba list archives and read man pages and the HOWTO, but haven't been able find an answer to why this is happening. Any help would be greatly appreciated. Thank you, Steve Aden Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RID of Samba Domain Controller
hi according to this document http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distsys/part5/dsgappe.asp NT Domain Controllers have $SID-516 so what about samba? does my Samba Domain Controller (PDC) really need this -516 RID or is a RID of -515 enough (Domain Workstations) i ask because i want to use my PDC as conform as possible to the old NT PDC thx in advance greez -- "Matrix - more than a vision" ** Michael Gasch Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rid format in sambaSID
On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > > Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba > stops parsing a RID when it encounters a letter. For example, I have an > accounting group with gid 2771 and therefore rid ad3. When I list the > groups in the samba domain, however, I get this listing: > > Domain Admins (DOMAINSID-512) -> Domain Admins > Domain Users (DOMAINSID-513) -> Domain Users > Domain Guests (DOMAINSID-514) -> Domain Guests > marketing (DOMAINSID-0) -> marketing > support (DOMAINSID-0) -> support > sales (DOMAINSID-0) -> sales > integrators (DOMAINSID-0) -> integrators > accounting (DOMAINSID-0) -> accounting > > All of the groups showing RID 0 have RIDs that begin with a letter. This > behavior applies to every entry in the SAM. What's going on here? After discussion, it turns out that this isn't a bug - I was synthesizing usee SIDs by appenting the _hexadecimal_ RID to the domain SID. I modified my migration scripts to convert the (hex) rid: attribute in my current ldap SAM to decimal, which resolved the problem. Thanks everyone for your help. -- Michael D. Jurney [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rid format in sambaSID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Effectively, yes. My SAM is currently in LDAP being | served by a samba-tng PDC. I'm migrating the SAM config | and generating the sambaSID value by tacking the hex rid attribute | value onto the domain SID. If samba3 expects the RID to be | represented in decimal, does that mean that DOMAINSID-512 | isn't acually the Domain Admins goup? Should it actually be | DOMAINSID-1298? 512 is base 10 rid for the "Domain Admins" group. cheers, jerry - -- ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/tPK3IR7qMdg1EfYRAlsDAJ4lzvCmGJgKJO4iSkqWhxw2+5JgtQCg2e6Y qp7vWeqODqHDoXZOa9UbPPU= =OTFH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rid format in sambaSID
On Thu, 13 Nov 2003, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Thu, 13 Nov 2003, John H Terpstra wrote: > > > On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > > > > > > > > Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba > > > stops parsing a RID when it encounters a letter. For example, I have an > > > accounting group with gid 2771 and therefore rid ad3. When I list the > > > groups in the samba domain, however, I get this listing: > > > > > > Domain Admins (DOMAINSID-512) -> Domain Admins > > > Domain Users (DOMAINSID-513) -> Domain Users > > > Domain Guests (DOMAINSID-514) -> Domain Guests > > > marketing (DOMAINSID-0) -> marketing > > > support (DOMAINSID-0) -> support > > > sales (DOMAINSID-0) -> sales > > > integrators (DOMAINSID-0) -> integrators > > > accounting (DOMAINSID-0) -> accounting > > Did you manually set the sambaSID string? We always set it in > decimal. Effectively, yes. My SAM is currently in LDAP being served by a samba-tng PDC. I'm migrating the SAM config and generating the sambaSID value by tacking the hex rid attribute value onto the domain SID. If samba3 expects the RID to be represented in decimal, does that mean that DOMAINSID-512 isn't acually the Domain Admins goup? Should it actually be DOMAINSID-1298? -- Michael D. Jurney [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rid format in sambaSID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 13 Nov 2003, John H Terpstra wrote: > On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > > > > > Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba > > stops parsing a RID when it encounters a letter. For example, I have an > > accounting group with gid 2771 and therefore rid ad3. When I list the > > groups in the samba domain, however, I get this listing: > > > > Domain Admins (DOMAINSID-512) -> Domain Admins > > Domain Users (DOMAINSID-513) -> Domain Users > > Domain Guests (DOMAINSID-514) -> Domain Guests > > marketing (DOMAINSID-0) -> marketing > > support (DOMAINSID-0) -> support > > sales (DOMAINSID-0) -> sales > > integrators (DOMAINSID-0) -> integrators > > accounting (DOMAINSID-0) -> accounting Did you manually set the sambaSID string? We always set it in decimal. - -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song" --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE/tEY3IR7qMdg1EfYRAh8FAJ9Bej5FcfNQy/t2XiiKAZrIPvR0UACfTbnd WJ/EQvAnKiMensIYhjCySWg= =aobt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rid format in sambaSID
On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > > Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba > stops parsing a RID when it encounters a letter. For example, I have an > accounting group with gid 2771 and therefore rid ad3. When I list the > groups in the samba domain, however, I get this listing: > > Domain Admins (DOMAINSID-512) -> Domain Admins > Domain Users (DOMAINSID-513) -> Domain Users > Domain Guests (DOMAINSID-514) -> Domain Guests > marketing (DOMAINSID-0) -> marketing > support (DOMAINSID-0) -> support > sales (DOMAINSID-0) -> sales > integrators (DOMAINSID-0) -> integrators > accounting (DOMAINSID-0) -> accounting > > All of the groups showing RID 0 have RIDs that begin with a letter. This > behavior applies to every entry in the SAM. What's going on here? Please file a bug report on https://bugzilla.samba.org This is a bug. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] rid format in sambaSID
Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba stops parsing a RID when it encounters a letter. For example, I have an accounting group with gid 2771 and therefore rid ad3. When I list the groups in the samba domain, however, I get this listing: Domain Admins (DOMAINSID-512) -> Domain Admins Domain Users (DOMAINSID-513) -> Domain Users Domain Guests (DOMAINSID-514) -> Domain Guests marketing (DOMAINSID-0) -> marketing support (DOMAINSID-0) -> support sales (DOMAINSID-0) -> sales integrators (DOMAINSID-0) -> integrators accounting (DOMAINSID-0) -> accounting All of the groups showing RID 0 have RIDs that begin with a letter. This behavior applies to every entry in the SAM. What's going on here? -- Michael D. Jurney [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RID numbers
On Wed, 2003-07-02 at 21:14, Andrey Nepomnyaschih wrote: > Well, no luck for me. > > Can you specify the whole requirements for this to work. > > ... > passdb backend = ldapsam:ldap://localhost/ > ldap suffix = > ldap admin dn = > > Idmap backend = ldap:ldap://localhost/ > ... > > Should I enable ldap trust ids too? I don't think it changes this issue. You do need to delete the winbindd_idmap.tdb to remove the previous cache. And you need the ldap suffix, ldap admin dn specified. Andrew Bartlett > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Andrew Bartlett > Sent: Wednesday, July 02, 2003 1:40 PM > To: Andrey Nepomnyaschih > Cc: [EMAIL PROTECTED]; 'Andrew Bartlett' > Subject: RE: [Samba] RID numbers > > > On Wed, 2003-07-02 at 19:18, Andrey Nepomnyaschih wrote: > > Hello Andrew, > > > > Well I've got the samba 3.0beta2 and it seems that Samba stills > > expects RID to be as (uidNumber * 2 + 1000). > > > > I'll try decribe the situation maybe the problem lies somewhere else. > > > > I have an Administrator account with uidNumber of 0. And whenever I > > set its RID to 500 (default from NT world) there's no way to add > > workstations to domain with the Administrator account. On the opposite > > > side when I set RID to 1000 (0 * 2 + 1000) it works fine. So I assume > > that samba doesn't use the mapping between uidNumber from posixAccount > > > and sambaSID from sambaSamAccount, when checks whether the account has > > > root access. > > > > Can you clarify this thing to me? > > In order to use arbitary rids in LDAP, you *must* use 'idmap backed = > ldap:ldap://localhost' (as appropriate for your setup). > > I will see how this can be best automated/documented to avoid future > confusion. > > Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RID numbers
Well, no luck for me. Can you specify the whole requirements for this to work. ... passdb backend = ldapsam:ldap://localhost/ ldap suffix = ldap admin dn = Idmap backend = ldap:ldap://localhost/ ... Should I enable ldap trust ids too? Have a good time, Andrey Nepomnyaschih -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Bartlett Sent: Wednesday, July 02, 2003 1:40 PM To: Andrey Nepomnyaschih Cc: [EMAIL PROTECTED]; 'Andrew Bartlett' Subject: RE: [Samba] RID numbers On Wed, 2003-07-02 at 19:18, Andrey Nepomnyaschih wrote: > Hello Andrew, > > Well I've got the samba 3.0beta2 and it seems that Samba stills > expects RID to be as (uidNumber * 2 + 1000). > > I'll try decribe the situation maybe the problem lies somewhere else. > > I have an Administrator account with uidNumber of 0. And whenever I > set its RID to 500 (default from NT world) there's no way to add > workstations to domain with the Administrator account. On the opposite > side when I set RID to 1000 (0 * 2 + 1000) it works fine. So I assume > that samba doesn't use the mapping between uidNumber from posixAccount > and sambaSID from sambaSamAccount, when checks whether the account has > root access. > > Can you clarify this thing to me? In order to use arbitary rids in LDAP, you *must* use 'idmap backed = ldap:ldap://localhost' (as appropriate for your setup). I will see how this can be best automated/documented to avoid future confusion. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RID numbers
On Wed, 2003-07-02 at 19:18, Andrey Nepomnyaschih wrote: > Hello Andrew, > > Well I've got the samba 3.0beta2 and it seems that Samba stills expects > RID to be as (uidNumber * 2 + 1000). > > I'll try decribe the situation maybe the problem lies somewhere else. > > I have an Administrator account with uidNumber of 0. And whenever I set > its RID to 500 (default from NT world) there's no way to add > workstations to domain with the Administrator account. On the opposite > side when I set RID to 1000 (0 * 2 + 1000) it works fine. So I assume > that samba doesn't use the mapping between uidNumber from posixAccount > and sambaSID from sambaSamAccount, when checks whether the account has > root access. > > Can you clarify this thing to me? In order to use arbitary rids in LDAP, you *must* use 'idmap backed = ldap:ldap://localhost' (as appropriate for your setup). I will see how this can be best automated/documented to avoid future confusion. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RID numbers
Hello Andrew, Well I've got the samba 3.0beta2 and it seems that Samba stills expects RID to be as (uidNumber * 2 + 1000). I'll try decribe the situation maybe the problem lies somewhere else. I have an Administrator account with uidNumber of 0. And whenever I set its RID to 500 (default from NT world) there's no way to add workstations to domain with the Administrator account. On the opposite side when I set RID to 1000 (0 * 2 + 1000) it works fine. So I assume that samba doesn't use the mapping between uidNumber from posixAccount and sambaSID from sambaSamAccount, when checks whether the account has root access. Can you clarify this thing to me? Have a good time, Andrey Nepomnyaschih -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Bartlett Sent: Saturday, June 28, 2003 5:57 PM To: Andrey Nepomnyaschih Cc: [EMAIL PROTECTED] Subject: Re: [Samba] RID numbers On Sat, 2003-06-28 at 21:01, Andrey Nepomnyaschih wrote: > Thanks for the answer Andrew, > > I've got another question on the RID numbers. > > It's a long time for now RIDs for users and groups should have been > calculated from uidNumber and gidNumber respectively. If I set RID of > user to anything else than (uidNumber * 2 + 1000) I'm asking for big > troubles. Is there any feature in plans to remove this requirement? > And does sambaGroupMapping class in schema solves this for groups? With Samba 3.0beta2 (and current CVS) if you have an entry in LDAP with both the SambaSID and the uidNumber it should use that mapping. Likewise for groups, with that sambaGroupMapping. You should consider your case carefully - only do this if you need to, and consider if you want to adjust the value of 'algrithmic RID base' to avoid having an algorithmic RID in that space. Andrew Bartlett -- Andrew Bartlett <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RID numbers
On Sat, 2003-06-28 at 21:01, Andrey Nepomnyaschih wrote: > Thanks for the answer Andrew, > > I've got another question on the RID numbers. > > It's a long time for now RIDs for users and groups should have been > calculated from uidNumber and gidNumber respectively. If I set RID of > user to anything else than (uidNumber * 2 + 1000) I'm asking for big > troubles. Is there any feature in plans to remove this requirement? And > does sambaGroupMapping class in schema solves this for groups? With Samba 3.0beta2 (and current CVS) if you have an entry in LDAP with both the SambaSID and the uidNumber it should use that mapping. Likewise for groups, with that sambaGroupMapping. You should consider your case carefully - only do this if you need to, and consider if you want to adjust the value of 'algrithmic RID base' to avoid having an algorithmic RID in that space. Andrew Bartlett -- Andrew Bartlett <[EMAIL PROTECTED]> signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RID numbers
Thanks for the answer Andrew, I've got another question on the RID numbers. It's a long time for now RIDs for users and groups should have been calculated from uidNumber and gidNumber respectively. If I set RID of user to anything else than (uidNumber * 2 + 1000) I'm asking for big troubles. Is there any feature in plans to remove this requirement? And does sambaGroupMapping class in schema solves this for groups? Have a good time, Andrey Nepomnyaschih -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Bartlett Sent: Saturday, June 28, 2003 2:26 PM To: Andrey Nepomnyaschih Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Computer Account On Sat, 2003-06-28 at 18:33, Andrey Nepomnyaschih wrote: > Hello, > > Does samba-3.0.0beta-1 still requires a computer account to be present > inside OS user database? I had heard there were moves to make that > obsolete. No, provided you correctly configure it, this is no longer required. If you allocate 'idmap uid 1-2' then smbd will create accounts in that range, if they don't already exist. This will be tightened up a little, but for machines should still work. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
