Hi there, I'm the process of centralizing user authentication for a medium-sized network with a few Linux servers, some of them runnng samba. The idea is migrating all user definitions from both /etc/{passwd,shadow,groups} and samba tdb to a central LDAP directory.
Most servers had the same set of users, but as each one was administered in isolation (no NIS not all samba servers were part of the same windows domain) there are many inconsistencies between all servers. I have already done my homework and found whenever the same user had different uids or group assignments, and planed the steps required to get everything in sync (like changing file owners). My question regards sambaAccount x posixAccount in LDAP. Samba docs state that Unix uids/gids and Windows SIDs are algoritmically mapped implying that given a Windows user SID the Unix uid needs to have a certain value, and vice-versa. But I wish to change as few as possible existing uid/gids. I see sambaAccount has a sid field, and posixAccount has a uid field. So, if I do store values for both, using the ones from previous servers, they won't conform to the mapping algoritm. Is that ok? Or will I have to change either the Windows user sid or the Unix user uid so sambaAccount and posixAccout values agree with the mapping algoritm? []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba