Even though RID != GID, mappings between Samba RIDs and groups must be there if you want the server to act as a PDC. If some GIDs are mapped to, e.g., RID 512, and these GIDs are used by another group, then there will be a conflict.
I had this problem one week ago, when I was trying to give permissions to a folder. So, choose N GIDs to map to Samba RIDs, or change the group GID of these conflicting groups. Also be careful with UIDs.

2009/3/24 Adam Tauno Williams <awill...@whitemice.org>:
> On Tue, 2009-03-24 at 12:10 -0500, Derek Werthmuller wrote:
>> In the planning process for migrating from NT4 PDC, and external ldap
>> directory to samba 3.2.8 PDC. The external existing openldap directory is
>> used currently to support the local uid mapping for the Linux logins and
>> samba file servers that are members of the current NT4 PDC.
>> While looking at the existing openldap UIDs and GIDs in use and what the
>> samba PDC wants to use I see some uid/gid collisions. For example I see
>> that the Domain Admins uses gid 512, just so happens to be the same as a
>> file system group (in the ldap directory).
>
> No, it doesn't. RID != GID. A RID is a component of the SID and SIDs
> are mapped to UIDs & GIDs.
>
>> Is it better to change the users group gid and leave the samba domain admins
>> and such the way they are?
>
> Not necessary.
>
>> I suspect a small shell script can crawl the file system and replace one gid
>> for another if I were to change the users GID.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba