I have an AD domain (Samba 4.1.13 domain controllers) and some Samba 3.6 clients. I would like the uid/gid mappings to be consistent across the two sets of machines. The Samba4 DCs have the following line in smb.conf: idmap_ldb:use rfc2307 = yes and their uids/gids are in sync across all four of them. The Samba 3.6 domain members currently have: idmap config MBSW : backend = rid idmap config MBSW : range = 10000001-20000000 in their smb.conf. As a result the uids/gids match between the Samba 3.6 domain members, but are completely different to the Samba4 DCs. Is there a way to configure the 3.6 domain members to use the same uid/gid mapping as the Samba4 DCs? Many thanks, Will
Hi William,> I have an AD domain (Samba 4.1.13 domain controllers) and some Samba 3.6 > clients. > I would like the uid/gid mappings to be consistent across the two sets of > machines. > > The Samba4 DCs have the following line in smb.conf: > > idmap_ldb:use rfc2307 = yes > > and their uids/gids are in sync across all four of them. > > The Samba 3.6 domain members currently have: > > idmap config MBSW : backend = rid > idmap config MBSW : range = 10000001-20000000if you are using rfc2307 on one side and rid on the other, it is pretty sure that it won't be in sync. You should use rfc2307 also on the samba 3.6, with something like [global] workgroup = MONDOMAINE security = ADS realm = MONDOMAINE.LOCAL idmap config *:backend = tdb idmap config *:range = 70001-80000 idmap config MONDOMAINE:backend = ad idmap config MONDOMAINE:schema_mode = rfc2307 idmap config MONDOMAINE:range = 500-40000 By the way, samba 3.6 is going end of life pretty soon (see the recent 4.2RC3 release notes), you should upgrade your 3.6 domain members to samba4 too. Cheers, Denis> > in their smb.conf. As a result the uids/gids match between the Samba 3.6 > domain members, but are completely different to the Samba4 DCs. > > Is there a way to configure the 3.6 domain members to use the same uid/gid > mapping as the Samba4 DCs? > > Many thanks, > > Will >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, b?timent A 12 avenue Jules Verne 44230 Saint S?bastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr
On 22/12/14 17:22, Denis Cardon wrote:> Hi William, > >> I have an AD domain (Samba 4.1.13 domain controllers) and some Samba 3.6 >> clients. >> I would like the uid/gid mappings to be consistent across the two >> sets of >> machines. >> >> The Samba4 DCs have the following line in smb.conf: >> >> idmap_ldb:use rfc2307 = yes >> >> and their uids/gids are in sync across all four of them. >> >> The Samba 3.6 domain members currently have: >> >> idmap config MBSW : backend = rid >> idmap config MBSW : range = 10000001-20000000 > > if you are using rfc2307 on one side and rid on the other, it is > pretty sure that it won't be in sync. You should use rfc2307 also on > the samba 3.6, with something like > > [global] > workgroup = MONDOMAINE > security = ADS > realm = MONDOMAINE.LOCAL > idmap config *:backend = tdb > idmap config *:range = 70001-80000 > idmap config MONDOMAINE:backend = ad > idmap config MONDOMAINE:schema_mode = rfc2307 > idmap config MONDOMAINE:range = 500-40000 > > By the way, samba 3.6 is going end of life pretty soon (see the recent > 4.2RC3 release notes), you should upgrade your 3.6 domain members to > samba4 too. > > Cheers, > > Denis > > >> >> in their smb.conf. As a result the uids/gids match between the Samba 3.6 >> domain members, but are completely different to the Samba4 DCs. >> >> Is there a way to configure the 3.6 domain members to use the same >> uid/gid >> mapping as the Samba4 DCs? >> >> Many thanks, >> >> Will >> > >Hi, what you are saying Denis is true as far as it goes, but the OP also needs to add the required RFC2307 attributes (uidNumber, gidNumber) to the user & group objects. Rowland