Juan Ignacio
2016-Jun-13 15:31 UTC
[Samba] Samba 4 Member server show diferent UID than Ad Server
Hello friends, I come to ask for a hand. I have an AD server with Samba 4.1 and added a Member Server 4.4 without problems. The only problem I'm having is that the UID of users in the Member Server are different from the AD server. Ad Server KENNEDY\florenciaelmone:*:3000679:100:Florencia Elmone Domingues:/home/KENNEDY/florenciaelmone:/bin/false Member Server florenciaelmone:*:100002:100008:Florencia Elmone Domingues:/home/KENNEDY/florenciaelmone:/bin/false Some way to resolve this? Thanks.
Mueller
2016-Jun-14 07:14 UTC
[Samba] Samba 4 Member server show diferent UID than Ad Server
So you need to configure winbindd the right way to solve this. In deed if you have another UID it can result in "access refused". This is an issue I treid to discuss since samba4 started and I think this should be an integrated thing in samba ads to member server Without having admins to bother about. Greetings Daniel EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de -----Ursprüngliche Nachricht----- Von: Juan Ignacio [mailto:juan.ignacio.pazos at gmail.com] Gesendet: Montag, 13. Juni 2016 17:32 An: samba at lists.samba.org Betreff: [Samba] Samba 4 Member server show diferent UID than Ad Server Hello friends, I come to ask for a hand. I have an AD server with Samba 4.1 and added a Member Server 4.4 without problems. The only problem I'm having is that the UID of users in the Member Server are different from the AD server. Ad Server KENNEDY\florenciaelmone:*:3000679:100:Florencia Elmone Domingues:/home/KENNEDY/florenciaelmone:/bin/false Member Server florenciaelmone:*:100002:100008:Florencia Elmone Domingues:/home/KENNEDY/florenciaelmone:/bin/false Some way to resolve this? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
mathias dufresne
2016-Jun-14 10:23 UTC
[Samba] Samba 4 Member server show diferent UID than Ad Server
Without UID and / or GID configured into AD database (into LDAP tree) Samba would give UID / GID to users and groups when needed, and as nothing is written, Samba has to guess. This guessing process is called id mapping. Samba does not synchronize generated file containing this ID map. No synchronization and xID random xID fathers to xID inconsistency. This is not necessarily an issue: with only one DC (a config I can't approve) no issue: Sysvol is hosted by only one DC, no inconsistency when your are alone (that's when you met people that craziness appears :). File servers do not host same files normally: AD DC are hosting Sysvol and NetLogon and these both shares are not hosted on file servers which are hosting others files. Different files so no issue with rights... as long as you don't have to make copy or displace files from server to server, in that case that could be a mess.. Solution seems to be: - give UID/GID to everything in AD. Your users and those in CN=BUILTIN and CN=Users too. - synchronize private/idmap.ldb across your DC at least (they all host Sysvol, sysvol is rsynced, here you can have issues with UID/GID). Members servers seem to not have that file. - use "net cache flush" to clear idmap cache on every server (members included). Once cache is cleared, Winbind would need to find out what UID/GID to use, it should now rely on UID:GID declared into AD database and the issue should disappear. 2016-06-14 9:14 GMT+02:00 Mueller <mueller at tropenklinik.de>:> So you need to configure winbindd the right way to solve this. > In deed if you have another UID it can result in "access refused". > This is an issue I treid to discuss since samba4 started and I think this > should be an integrated thing in samba ads to member server > Without having admins to bother about. > > Greetings > Daniel > > > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: mueller at tropenklinik.de > Internet: www.tropenklinik.de > > > > > -----Ursprüngliche Nachricht----- > Von: Juan Ignacio [mailto:juan.ignacio.pazos at gmail.com] > Gesendet: Montag, 13. Juni 2016 17:32 > An: samba at lists.samba.org > Betreff: [Samba] Samba 4 Member server show diferent UID than Ad Server > > Hello friends, I come to ask for a hand. > > I have an AD server with Samba 4.1 and added a Member Server 4.4 without > problems. > > The only problem I'm having is that the UID of users in the Member Server > are different from the AD server. > > Ad Server > > KENNEDY\florenciaelmone:*:3000679:100:Florencia Elmone > Domingues:/home/KENNEDY/florenciaelmone:/bin/false > > Member Server > > florenciaelmone:*:100002:100008:Florencia Elmone > Domingues:/home/KENNEDY/florenciaelmone:/bin/false > > Some way to resolve this? > > Thanks. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Possibly Parallel Threads
- Samba 4 Member server show diferent UID than Ad Server
- Samba 4 Member server show diferent UID than Ad Server
- Samba 4 Member server show diferent UID than Ad Server
- Samba 4 Member server show diferent UID than Ad Server
- Samba 4 Member server show diferent UID than Ad Server