[CentOS] Samba, id, uid, Active Directory and CentOS 5

Fri Dec 17 16:02:31 UTC 2010
James Pearson <james-p at moving-picture.com>

Scott Ehrlich wrote:
> I have some CentOS 5 systems that are part of an Active Directory
> Windows 2003 domain (using natively configured files - not likewise
> open).
> 
> getent passwd my_account reveals uid and gid are both 10000:10000.
> 
> Thus, typing: % id
> 
> reveals a uid of 10000.
> 
> /etc/passwd does NOT have my local account created - credentials are
> strictly from the Active Directory domain.
> 
> The username is of the format se123456.
> 
> I want my uid to be of the format 123456 (numeric part of the username.
> 
> I have looked at many options for smb.conf configurations.
> 
> At this point, I'm starting to believe that if getent passwd provides
> 10000:10000 fior uid/gid then id is providing the correct details.
> My SID from the domain controller is correct when queried from CentOS.
> 
> usermod will not work to change the id since there is no entry in /etc/passwd.
> 
> Might a shell script of some kind help convert my uid from 10000 to
> 123456?   It should not be static calculation, since anyone logging in
> to that system should have their id equal the numeric portion of their
> username, and the numeric part may be a smaller value than 10000.
> 
> The numeric part of the username matches no part of the SID from Windows.

Have a look at the bit about the rfc2307 schema at: 
<http://wiki.samba.org/index.php/Samba_&_Active_Directory#Advanced_Configuration>

If you are running Windows 2003 R2 with the optional IDMU (Identity 
Management for Unix), then you can store Unix UID/GID (and other 
standard passwd fields) in Active Directory for each user - and use 
these via winbind

James Pearson