Hello all, I have a fresh install of two CentOS 7 machines. On DC1 I made a domain provision with --use-rfc2307. In DC2 I made a join as DC - both exactly as the wiki advised. In fact of its missing I added the idmap use rfc2307 yes parameter to smb.conf. I will have an extra share on both DCs. Today I realized, that wbinfo shows different UID/GID for the same users or groups on the DC's. I created the users/groups via RSAT. I don't have a Unix attributes tab in RSAT. Is that my problem for different uid/gid? Thanks in advance Tim
On 09/12/14 22:07, Tim wrote:> Hello all, > > I have a fresh install of two CentOS 7 machines. On DC1 I made a domain provision with --use-rfc2307. In DC2 I made a join as DC - both exactly as the wiki advised. > > In fact of its missing I added the idmap use rfc2307 yes parameter to smb.conf. > > I will have an extra share on both DCs. > > Today I realized, that wbinfo shows different UID/GID for the same users or groups on the DC's. > > I created the users/groups via RSAT. I don't have a Unix attributes tab in RSAT. Is that my problem for different uid/gid? > > Thanks in advance > Tim >Hi What do you have at: /etc/nsswitch.conf ?
On 09/12/14 21:07, Tim wrote:> Hello all, > > I have a fresh install of two CentOS 7 machines. On DC1 I made a domain provision with --use-rfc2307. In DC2 I made a join as DC - both exactly as the wiki advised. > > In fact of its missing I added the idmap use rfc2307 yes parameter to smb.conf. > > I will have an extra share on both DCs. > > Today I realized, that wbinfo shows different UID/GID for the same users or groups on the DC's. > > I created the users/groups via RSAT. I don't have a Unix attributes tab in RSAT. Is that my problem for different uid/gid? > > Thanks in advance > TimHi, I think your problem is that idmap.ldb does not replicate to the new DC, this means that users get different UID's on the two DC's. If you run: ldbedit -e nano -H /var/lib/samba/private/idmap.ldb on each DC, you will be able to see the differences. The cure ? copy idmap.ldb from the first DC to any secondary DC's after the join. It is documented here: https://wiki.samba.org/index.php/Join_a_domain_as_a_DC , near the bottom of the page. Rowland
But will this idmap.ldb change work for upcoming new users or groups so that uid/gid will not be different? The wiki tells us about built-in groups. Those have the right ids. Am 9. Dezember 2014 23:03:44 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>:>On 09/12/14 21:07, Tim wrote: >> Hello all, >> >> I have a fresh install of two CentOS 7 machines. On DC1 I made a >domain provision with --use-rfc2307. In DC2 I made a join as DC - both >exactly as the wiki advised. >> >> In fact of its missing I added the idmap use rfc2307 yes parameter to >smb.conf. >> >> I will have an extra share on both DCs. >> >> Today I realized, that wbinfo shows different UID/GID for the same >users or groups on the DC's. >> >> I created the users/groups via RSAT. I don't have a Unix attributes >tab in RSAT. Is that my problem for different uid/gid? >> >> Thanks in advance >> Tim > >Hi, I think your problem is that idmap.ldb does not replicate to the >new >DC, this means that users get different UID's on the two DC's. > >If you run: > >ldbedit -e nano -H /var/lib/samba/private/idmap.ldb > >on each DC, you will be able to see the differences. > >The cure ? copy idmap.ldb from the first DC to any secondary DC's after > >the join. > >It is documented here: >https://wiki.samba.org/index.php/Join_a_domain_as_a_DC , near the >bottom >of the page. > >Rowland >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba