On Tue, 2009-03-24 at 19:31 +0100, LiPi - wrote: > Despite that RID!=GID, mappings between samba rids and groups must be > there if you want the server to act as a PDC. If there are some GID's > mapped to i.e. RID 512, and these GID is used by another group, then > there will be a conflict.
No, because that is just not how the mapping works. $ ldapsearch -LLL sambaSID=S-1-5-21-2037442776-3290224752-88127236-512 dn: cn=cifsadmins,ou=Groups,ou=SAM,o=Morrison Industries,c=US objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: cifsadmins gidNumber: 1999 sambaSID: S-1-5-21-2037442776-3290224752-88127236-512 sambaGroupType: 2 description: Local Unix group displayName: Domain Admins memberUid: steve memberUid: cleslie memberUid: adam memberUid: rhopkins memberUid: bonjour You map domain groups to POSIX groups using the "net groupmap" command, the RID:GID relationship is completely arbitrary. They might be the same, might not, it just doesn't matter. I have no idea what "GID's mapped to i.e. RID 512, and these GID is used by another group" even means. How is a GID "used by another group"? The GID is the unique identifier of a POSIX group. If you have multiple groups with the same GID - that is just messed up. With "net groupmap" you establish the relationships of SIDs to GIDs; the RID just the part of the SID relative to the domain portion on the SID. > I had this problem one week ago, when I was trying to give permissions > to a folder. So, choose N GID's to map with samba RID's or change the > group GID of these conflicting groups. Be also areful with UID. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba