Henrik Langos
2014-Jun-20 07:51 UTC
[Samba] sysvol replication and posix uid / gid mapping
Hi,

I just found out the hard way that sysvol replication with rsync stopped working when I activated winbind (libnss-winbind actually) on my primary AD DC.

Originally I hadn't planned to activate winbind on the primary AD DC since that machine was not meant to provide any shares. What I hadn't thought of was the fact that GPOs reside as files on the sysvol share and thus are subject to the same rules as any other files. Now I activated winbind and those files now belong to a non-numeric group and rsync complains.

Maybe a hint in that regard on https://wiki.samba.org/index.php/SysVol_Replication would be nice.

What is the best practice in regard to all those groups like "Domain Admins", "Printer Operators" and so on? Should those get posix uid/gid numbers? Could somebody point me in the right direction?

Thanks
-henrik
L.P.H. van Belle
2014-Jun-20 07:58 UTC
[Samba] sysvol replication and posix uid / gid mapping
Hi,

I suggest you try my script, or if you are not on Ubuntu/Debian, read the script and adapt it to your OS. Maybe this works for you with the winbind setup, I don't know, but you can try it. I've been using this now for about 1 month without problems, and I can change GPO settings on any DC now.

https://secure.bazuin.nl/scripts/3-setup-sysvol-bidirectional.sh

Best regards,
Louis

> -----Original message-----
> From: hlangos-samba at innominate.com [mailto:samba-bounces at lists.samba.org] On behalf of Henrik Langos
> Sent: Friday, 20 June 2014 9:52
> To: samba at lists.samba.org
> Subject: [Samba] sysvol replication and posix uid / gid mapping
>
> Hi,
>
> I just found out the hard way that sysvol replication with rsync stopped
> working when I activated winbind (libnss-winbind actually) on my primary
> AD DC.
>
> Originally I hadn't planned to activate winbind on the primary AD DC
> since that machine was not meant to provide any shares.
> What I hadn't thought of was the fact that GPOs reside as files on the
> sysvol share and thus are subject to the same rules as any other files.
> Now I activated winbind and those files now belong to a non-numeric
> group and rsync complains.
>
> Maybe a hint in that regard on
> https://wiki.samba.org/index.php/SysVol_Replication would be nice.
>
> What is the best practice in regard to all those groups like "Domain
> Admins", "Printer Operators" and so on?
> Should those get posix uid/gid numbers? Could somebody point me in the
> right direction?
>
> Thanks
> -henrik