From 163a855d26106ac9c6eaf945a31a6495204de990 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 13 Apr 2002 09:35:52 +0000
Subject: Better handling of uid/gid -> RID and RID -> uid/gid code.

All uids and gids must create valid RIDs, becouse other code expects this, and
can't handle the failure case. (ACL code in particular)

Allow admins to adjust the base of the RID algorithm, so avoid clashes with
users brought in from NT (for example).

Put all the algorithm code back in one place, so that this change is global.

Better coping with NULL sid pointers - but it still breaks a lot of stuff.

BONUS: manpage entry for new paramater :-)

counter based rids for normal users in tdbsam is disabled for the timebeing,
idra and I will work out some things here soon I hope.

Andrew Bartlett
(This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5)
---
 docs/docbook/manpages/smb.conf.5.sgml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'docs')

diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 1567087d9e..87f8a42895 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -596,6 +596,7 @@
 		<listitem><para><link linkend="ADDSHARECOMMAND"><parameter>add share command</parameter></link></para></listitem>
 		<listitem><para><link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter></link></para></listitem>
 		<listitem><para><link linkend="ADDMACHINESCRIPT"><parameter>add machine script</parameter></link></para></listitem>
+		<listitem><para><link linkend="ALGORITHMICRIDBASE"><parameter>algorithmic rid base</parameter></link></para></listitem>
 		<listitem><para><link linkend="ALLOWTRUSTEDDOMAINS"><parameter>allow trusted domains</parameter></link></para></listitem>
 		<listitem><para><link linkend="ANNOUNCEAS"><parameter>announce as</parameter></link></para></listitem>
 		<listitem><para><link linkend="ANNOUNCEVERSION"><parameter>announce version</parameter></link></para></listitem>
@@ -1136,8 +1137,28 @@
 		<parameter>hosts allow</parameter></link>.</para></listitem>
 		</varlistentry>
 		
+		<varlistentry>
+		<term><anchor id="ALGORITHMICRIDBASE">algorithmic rid base (G)</term>
+		<listitem><para>This determines if Samba how will use its
+                algorithmic mapping from uids/gid to the RIDs needed to construct
+                NT Security Identifiers.</para>
+
+                <para>Setting this option to a larger value could be useful to sites
+                transitioning from WinNT and Win2k, as existing user and 
+                group rids would otherwise clash with sytem users etc. 
+                </para>
+
+                <para>All UIDs and GIDs must be able to be resolved into SIDs for  
+                the correct operation of ACLs on the server.  As such the algorithmic
+                mapping can't be 'turned off', but pushing it 'out of the way' should
+                resolve the issues.  Users and groups can then be assigned 'low' RIDs
+                in arbitary-rid supporting backends. </para>
 
+		<para>Default: <command>algorithmic rid base = 1000</command></para>
 
+		<para>Example: <command>algorithmic rid base = 100000</command></para>
+		</varlistentry>
+		
 		<varlistentry>
 		<term><anchor id="ALLOWTRUSTEDDOMAINS">allow trusted domains (G)</term>
 		<listitem><para>This option only takes effect when the <link 
-- 
cgit