Re: [Samba] rid format in sambaSID
On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > > Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba > stops parsing a RID when it encounters a letter. For example, I have an > accounting group with gid 2771 and therefore rid ad3. When I list the > groups in the samba domain, however, I get this listing: > > Domain Admins (DOMAINSID-512) -> Domain Admins > Domain Users (DOMAINSID-513) -> Domain Users > Domain Guests (DOMAINSID-514) -> Domain Guests > marketing (DOMAINSID-0) -> marketing > support (DOMAINSID-0) -> support > sales (DOMAINSID-0) -> sales > integrators (DOMAINSID-0) -> integrators > accounting (DOMAINSID-0) -> accounting > > All of the groups showing RID 0 have RIDs that begin with a letter. This > behavior applies to every entry in the SAM. What's going on here? After discussion, it turns out that this isn't a bug - I was synthesizing usee SIDs by appenting the _hexadecimal_ RID to the domain SID. I modified my migration scripts to convert the (hex) rid: attribute in my current ldap SAM to decimal, which resolved the problem. Thanks everyone for your help. -- Michael D. Jurney [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rid format in sambaSID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Effectively, yes. My SAM is currently in LDAP being | served by a samba-tng PDC. I'm migrating the SAM config | and generating the sambaSID value by tacking the hex rid attribute | value onto the domain SID. If samba3 expects the RID to be | represented in decimal, does that mean that DOMAINSID-512 | isn't acually the Domain Admins goup? Should it actually be | DOMAINSID-1298? 512 is base 10 rid for the "Domain Admins" group. cheers, jerry - -- ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/tPK3IR7qMdg1EfYRAlsDAJ4lzvCmGJgKJO4iSkqWhxw2+5JgtQCg2e6Y qp7vWeqODqHDoXZOa9UbPPU= =OTFH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rid format in sambaSID
On Thu, 13 Nov 2003, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Thu, 13 Nov 2003, John H Terpstra wrote: > > > On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > > > > > > > > Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba > > > stops parsing a RID when it encounters a letter. For example, I have an > > > accounting group with gid 2771 and therefore rid ad3. When I list the > > > groups in the samba domain, however, I get this listing: > > > > > > Domain Admins (DOMAINSID-512) -> Domain Admins > > > Domain Users (DOMAINSID-513) -> Domain Users > > > Domain Guests (DOMAINSID-514) -> Domain Guests > > > marketing (DOMAINSID-0) -> marketing > > > support (DOMAINSID-0) -> support > > > sales (DOMAINSID-0) -> sales > > > integrators (DOMAINSID-0) -> integrators > > > accounting (DOMAINSID-0) -> accounting > > Did you manually set the sambaSID string? We always set it in > decimal. Effectively, yes. My SAM is currently in LDAP being served by a samba-tng PDC. I'm migrating the SAM config and generating the sambaSID value by tacking the hex rid attribute value onto the domain SID. If samba3 expects the RID to be represented in decimal, does that mean that DOMAINSID-512 isn't acually the Domain Admins goup? Should it actually be DOMAINSID-1298? -- Michael D. Jurney [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rid format in sambaSID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 13 Nov 2003, John H Terpstra wrote: > On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > > > > > Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba > > stops parsing a RID when it encounters a letter. For example, I have an > > accounting group with gid 2771 and therefore rid ad3. When I list the > > groups in the samba domain, however, I get this listing: > > > > Domain Admins (DOMAINSID-512) -> Domain Admins > > Domain Users (DOMAINSID-513) -> Domain Users > > Domain Guests (DOMAINSID-514) -> Domain Guests > > marketing (DOMAINSID-0) -> marketing > > support (DOMAINSID-0) -> support > > sales (DOMAINSID-0) -> sales > > integrators (DOMAINSID-0) -> integrators > > accounting (DOMAINSID-0) -> accounting Did you manually set the sambaSID string? We always set it in decimal. - -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song" --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE/tEY3IR7qMdg1EfYRAh8FAJ9Bej5FcfNQy/t2XiiKAZrIPvR0UACfTbnd WJ/EQvAnKiMensIYhjCySWg= =aobt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rid format in sambaSID
On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > > Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba > stops parsing a RID when it encounters a letter. For example, I have an > accounting group with gid 2771 and therefore rid ad3. When I list the > groups in the samba domain, however, I get this listing: > > Domain Admins (DOMAINSID-512) -> Domain Admins > Domain Users (DOMAINSID-513) -> Domain Users > Domain Guests (DOMAINSID-514) -> Domain Guests > marketing (DOMAINSID-0) -> marketing > support (DOMAINSID-0) -> support > sales (DOMAINSID-0) -> sales > integrators (DOMAINSID-0) -> integrators > accounting (DOMAINSID-0) -> accounting > > All of the groups showing RID 0 have RIDs that begin with a letter. This > behavior applies to every entry in the SAM. What's going on here? Please file a bug report on https://bugzilla.samba.org This is a bug. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] rid format in sambaSID
Using ldap as my sam backend and Samba 3.0.0-2, I'm showing that samba stops parsing a RID when it encounters a letter. For example, I have an accounting group with gid 2771 and therefore rid ad3. When I list the groups in the samba domain, however, I get this listing: Domain Admins (DOMAINSID-512) -> Domain Admins Domain Users (DOMAINSID-513) -> Domain Users Domain Guests (DOMAINSID-514) -> Domain Guests marketing (DOMAINSID-0) -> marketing support (DOMAINSID-0) -> support sales (DOMAINSID-0) -> sales integrators (DOMAINSID-0) -> integrators accounting (DOMAINSID-0) -> accounting All of the groups showing RID 0 have RIDs that begin with a letter. This behavior applies to every entry in the SAM. What's going on here? -- Michael D. Jurney [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba