On Fri, 2021-07-30 at 08:29 +0200, Thomas Kempf via samba wrote:
> Hello all,
> I'm in a network with about 40 OSX-Clients, a couple of Linux and
> FreeBSD Servers and a growing number of win10 machines. I have two
> Samba Servers 4.9.5.-Debian on Debian-Buster running as DCs. For
> ID-Mapping
Can I suggest you have a look here: https://apt.van-belle.nl/
4.9.5 is really old
> I'm using the RFC-2307 ad.
> I set up the bidirectional sysvol Replication as documented in the
> Wiki with unison/rsync workaround.
>
> As samba-tool complained about some sysvol permissions error, I've
> done a sysvolreset as advised in the wiki
> https://wiki.samba.org/index.php/Sysvolreset because my Domain
> Admins group had a gidNumber.
Can I suggest you create another group and use that instead of Domain
Admins.
>
> The Sysvol seems ok on the machine to which I connected, but the
> ACL-changes during the sysvolreset don't get synchronized to the
> other DC.
That is correct, you also need to sync idmap.ldb from the DC with the
PDC_Emulator FSMO role to all other DCs.
Rowland
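
A check for the situation described in the reply above: whether two DCs map the same SIDs to the same xidNumber values in idmap.ldb. This is an added example, not part of the original thread; it assumes LDIF dumps taken with `ldbsearch` against idmap.ldb on each DC, and the sample records and function names are constructed for illustration.

```python
# Added example: compare SID -> xidNumber mappings dumped from idmap.ldb on two DCs.
# Assumes LDIF text as printed by `ldbsearch -H <path to idmap.ldb>`.

def parse_idmap(ldif):
    """Return {sid: (type, xidNumber)} for every record carrying both attributes."""
    mappings = {}
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip "# record N" comments and anything not "key: value"
            key, value = line.split(": ", 1)
            attrs[key] = value.strip()
        if "objectSid" in attrs and "xidNumber" in attrs:
            mappings[attrs["objectSid"]] = (attrs.get("type", "?"), int(attrs["xidNumber"]))
    return mappings

def diff_idmap(reference, other):
    """Return (sid, reference_mapping, other_mapping) where the other DC disagrees."""
    return [(sid, ref, other.get(sid))
            for sid, ref in sorted(reference.items())
            if other.get(sid) != ref]

def _record(sid, xid):
    """Build one constructed sample record in ldbsearch's LDIF layout."""
    return (f"dn: CN={sid}\ncn: {sid}\nobjectClass: sidMap\nobjectSid: {sid}\n"
            f"type: ID_TYPE_BOTH\nxidNumber: {xid}\ndistinguishedName: CN={sid}\n")

# Constructed sample dumps: the second DC allocated the two xids in the other order.
PDC_DUMP = "# record 1\n" + _record("S-1-5-32-544", 3000000) + \
           "\n# record 2\n" + _record("S-1-5-32-549", 3000001)
DC2_DUMP = "# record 1\n" + _record("S-1-5-32-549", 3000000) + \
           "\n# record 2\n" + _record("S-1-5-32-544", 3000001)

if __name__ == "__main__":
    for sid, ref, got in diff_idmap(parse_idmap(PDC_DUMP), parse_idmap(DC2_DUMP)):
        print(f"{sid}: PDC emulator {ref}, other DC {got}")
```

An empty result from `diff_idmap` means every mapping on the reference DC is present and identical on the other one.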