[KLUG Members] Help for upgrade to Samba 3.0.1 (LDAPSAM) fm 2.2.8a anybody?

Adam Williams members@kalamazoolinux.org
Sun, 18 Jan 2004 23:02:59 -0500


> |Well, technically all uidNumbers must be unique, and all gidNumbers must
> |be unique but uid space and gid space are separate.  uid = 0 has a
> |special meaning, everything else is just a number.  Personally it is
> Including gid/gidNumber=0?  I note that the root group is also gid=0
> and that all of root's files belong to this group.

This is kind of a stupid UNIX thing.  Files have to have a group owner,
so a group, which really serves no other good purpose, is created to
satisfy that need.


> |For example, we use -
> |[root@littleboy /root]# net groupmap list
> |Mail Managers (S-1-5-21-2037442776-3290224752-88127236-1507) -> mailmgmt
> |...
> |Domain Admins (S-1-5-21-2037442776-3290224752-88127236-512) -> admins
> Here is what I've got now:
> [root@enigma root]# net3 groupmap list
> Administrators (S-1-5-21-1825057718-3407101348-4194330872-544) -> root
> Users (S-1-5-21-1825057718-3407101348-4194330872-545) -> dusers
> Guests (S-1-5-21-1825057718-3407101348-4194330872-514) -> nogroup

Well, the group you want to be admins must have a RID of 512, so just go
into LDAP and edit that one.  Users and Guests also have specific RID
requirements. (Users is 513, Guests is 514).  544 is Built-In Admins, 
which I don't think is what you want.

> Now I notice that despite the fact that there is no root group in my
> LDAP db, it is displaying as root.  The group is actually named admins.
> Is this because admins is gidNumber=0 ?

Most likely.  If NSS is using files first (almost certainly true, and
correct) then the glibc call will return the name from /etc/group rather
than the one from LDAP.  It probably doesn't matter in practice, it is
just a little confusing. You could change /etc/group to read admins instead
of root - just so everything reads the same - the gidNumber is actually
what matters anyway.
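
The RID check described in this message, as an added example that is not part of the original post: it parses `net groupmap list` output in the format quoted above and reports which of the RIDs named here (512, 513, 514) have no mapped group. The function names and the embedded sample (copied from the listing quoted in this thread) are assumptions of this example.

```python
import re
import sys

# RID requirements as stated in the message above.
REQUIRED_RIDS = {512: "Domain Admins", 513: "Users", 514: "Guests"}
BUILTIN_ADMINS_RID = 544  # Built-In Admins, not the domain admin group

# Line format as printed in this thread: NT name (SID) -> unix group
LINE_RE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1(?:-\d+)+)\) -> (?P<unix>\S+)\s*$")

def parse_groupmap(text):
    """Return a list of (nt_name, rid, unix_group) tuples."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip shell prompts, blank lines and "..."
        rid = int(m.group("sid").rsplit("-", 1)[1])  # RID = last SID component
        entries.append((m.group("nt"), rid, m.group("unix")))
    return entries

def check_groupmap(text):
    """Return (missing_rids, warnings) for the mapping in text."""
    entries = parse_groupmap(text)
    present = {rid for _, rid, _ in entries}
    missing = sorted(r for r in REQUIRED_RIDS if r not in present)
    warnings = [
        f"{nt} -> {unix} has RID 544 (Built-In Admins) and no group has RID 512"
        for nt, rid, unix in entries
        if rid == BUILTIN_ADMINS_RID and 512 not in present
    ]
    return missing, warnings

# Sample input: the listing quoted in this thread.
SAMPLE = """\
[root@enigma root]# net3 groupmap list
Administrators (S-1-5-21-1825057718-3407101348-4194330872-544) -> root
Users (S-1-5-21-1825057718-3407101348-4194330872-545) -> dusers
Guests (S-1-5-21-1825057718-3407101348-4194330872-514) -> nogroup
"""

if __name__ == "__main__":
    # Pipe real output in, or run with no input to check the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    missing, warnings = check_groupmap(text)
    for rid in missing:
        print(f"missing RID {rid} ({REQUIRED_RIDS[rid]})")
    for w in warnings:
        print("warning:", w)
```
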