Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

how to find next available UID and GID (Unix Attributes)

782 views
Skip to first unread message

Nick

unread,
Aug 10, 2009, 2:42:01 AM8/10/09
to
Hi there,

Does anyone know how to find the next available UID and GID values for the
users and groups when setting their Unix attributes? There are suggestions
that this can be done by searching the entire directory for users and groups,
get their UID and GID values and find out the next one. Before I go down this
path, I would like to know if there is better solutions.

Thanks

Ashish

unread,
Aug 13, 2009, 9:14:09 PM8/13/09
to
You can find the highest value assigned so far stored in
msSFU30MaxUidNumber attribute on Domains > Your Domain > System >
RpcServices > YpServ30 > Ypservers > <NIS Domain>

- Ashish

Nick

unread,
Aug 16, 2009, 7:29:01 PM8/16/09
to
Thanks Ashish.

When you import an NIS domain, initially there is no value set for the
attributes msSFU30MaxUidNumber and msSFU30MaxGidNumber. On the system that I
have, the ADUC sets the uid to 10000 the first time I added a user to the NIS
domain. Do you know how it decides what number to use initially?

Thank a lot.

Nick

Ashish

unread,
Aug 17, 2009, 3:45:59 AM8/17/09
to
I always thought the default value for these particular attributes are
set to 10000. Check under the Passwd/Group container on the same
attributes - maybe that's where it is used from.

- Ashish

Nick

unread,
Aug 18, 2009, 8:06:01 PM8/18/09
to
Thanks Ashish.

Another question if I may.
With ADUC, when you add an AD user to an NIS domain, it also sets values for
attributes "msSFU30Name", "uid" and "unixUserPassword". My questions is where
it gets the values for those attributes. It seems that it sets the values for
"msSFU30Name" and "uid" using the same value of either "cn", "displayName" or
"name" attributes. For the "unixUserPassword", I am assuming it is just set
to the same value as the user's AD password.

Thanks

Nick

Nick

unread,
Aug 19, 2009, 4:54:01 AM8/19/09
to
Hi Ashish,

It seems that if I use a client other than ADUC, I have to update the values
for msSFU30MaxUidNumber and msSFU30MaxGidNumber myself when I add a user to
the NIS domain. It seems that they are not managed by active directory
itself. Right?

Thanks

Nick

Ashish

unread,
Aug 19, 2009, 3:30:31 PM8/19/09
to
Right - those values are used/updated updated by the UNIX Attributes
tab when you use to update a user or a group.

msSFU30Name and uid can be set to the same value as sAMAccountName.
unixUserPassword attribute contains users' NIS password and it is
populated by the password filter that is installed when you install
Password Sync component on the DCs. This password filter intercepts
the password at password change, encrypts it using crypt or md5 and
stores the hash in unixUserPassword that is later used by Server for
NIS to authenticate the users over NIS.

- Ashish

0 new messages