I am in the process of moving our single Samba 3.x servers to a new 4.x AD server setup, with member servers. I have the Main ADC installed and running perfectly, machines can join with no problems. Seriously, it couldn't honestly be any easier, thanks for the Samba4 Wiki. It saved me a ton of time and stress. I'm working next on getting several test member servers working as well, and I'm a little confused with the config. According to the Samba AD DC HOWTO on the wiki, it really doesn't have anything in the config about the "idmap config" stuff. When adding member servers, does the idmap config options only go on the member servers, or does it have to have to be on the ADC as well? Do all member servers have the same ranges, or must they all be different? Thanks for your time. -- Matthew Daubenspeck Gentoo Linux i686 Intel(R) Xeon(R) CPU L5520 @ 2.27GHz 14:13:06 up 55 days, 3:44, 4 users, load average: 0.00, 0.05, 0.10
Hello Matthew, Am 15.07.2013 20:18, schrieb Matthew Daubenspeck:> I'm working next on getting several test member servers working as well, > and I'm a little confused with the config. According to the Samba AD DC > HOWTO on the wiki, it really doesn't have anything in the config about > the "idmap config" stuff. When adding member servers, does the idmap > config options only go on the member servers, or does it have to have to > be on the ADC as well?If you have multiple DCs, then the domain group/user/etc. stuff is automatically on each DC (directory replication). Member servers are getting the xID information from the DCs. And for that you need an Idmap configuration. For your member servers, I recommend to use backend AD and retrieve the xIDs from AD. Then you can edit the unix user/group information directly from ADUC, with all other account data. An example is in the HowTo: https://wiki.samba.org/index.php/Samba4/Domain_Member#Setting_up_a_basic_smb.conf Also then your user/groups have the same xIDs on all members. Regards, Marc