What if I use uidNumber to avoid messing with idmap.ldb? On the first
domain controller it works fine, ignores idmap and uses uidNumber, but this
attribute is not being replicated when a new user is created.
Let me explain in a little more detail:
1-I have an AD DC, all users contain uidNumber. "wbinfo -i user" returns
uidNumber as expected.
2-I join a second DC. LDAP is replicated correctly, uidNumber attribute
included. "wbinfo -i user" returns uidNumber as expected.
3-I create a new user on the first DC, and manually add the
corresponding uidNumber.
4-The user is replicated fine to the second DC but lacks the uidNumber set
on the first one, thus "wbinfo -i user" does not return the same uidNumber.
The advantage of using rfc2307 is lost if uidNumber is not
replicated. Do I have to replicate manually? Am I missing something?
Any suggestion is welcome.
Regards,
Izan Díez Sánchez
Empresarios Agrupados
Magallanes 3
28015 Madrid
Tel. +34 91 309 80 00 (ext: 8813)
ids at empre.es
On 13/01/2015 at 18:56, Rowland Penny wrote:
> On 13/01/15 17:40, Dania Ramirez Moya wrote:
>> ---------- Forwarded message ----------
>> From: Dania Ramirez Moya <dania181087 at gmail.com>
>> Date: Fri, 9 Jan 2015 12:12:18 -0500
>> Subject: Samba 4 two DCs no matching UID/GID
>> To: samba <samba at lists.samba.org>
>>
>> Hello list:
>> I have an install of two Debian7 machines with samba 4.1.7. On DC1 I
>> made a domain provision with --use-rfc2307. On DC2 I made a join as DC
>> exactly as https://wiki.samba.org/index.php/Join_a_domain_as_a_DC , I
>> built samba4 with rfc2307 too. Also on the additional joined Domain
>> Controller I added the parameter idmap_ldb:use rfc2307 = yes according
>> to the wiki https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC.
>> I used ADUC to set Unix Attributes on a user account
>>
>> I installed and configured sssd 1.10 to pull the RFC2307 attributes
>> in two DCs but the UID/GID mismatched. Am I missing some configuration?
>> Best regards
>>
>> Dania
>
> Well, not configuration, but you seem to have missed that you
> shouldn't use the DC as a fileserver and that idmap.ldb on the second
> DC will not match the one on the first DC. The last one is easy to
> fix, copy idmap.ldb from the first DC to the second DC, to use the DC
> as a fileserver will need to wait until sometime after 4.2.
>
> Rowland
>
>
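The check described in steps 1 to 4 above, written as an added example that is not part of the original thread: it compares uidNumber per sAMAccountName between LDIF exports taken from each DC. The LDIF samples, the account names and the example.com suffix are constructed, and it assumes the exports were obtained separately (for instance as ldbsearch output) in plain, non-base64 LDIF.

```python
def parse_ldif(text):
    """Return {sAMAccountName: uidNumber or None} from plain LDIF text."""
    # Unfold continuation lines: in LDIF a line starting with one space
    # continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    users, entry = {}, {}
    for line in lines + [""]:              # trailing "" flushes the last entry
        if line.startswith("#"):           # LDIF comment
            continue
        if not line.strip():               # blank line ends an entry
            name = entry.get("samaccountname")
            if name:
                users[name] = entry.get("uidnumber")
            entry = {}
            continue
        attr, sep, value = line.partition(":")
        if sep and not value.startswith(":"):   # skip base64 "attr:: value"
            entry[attr.strip().lower()] = value.strip()
    return users

def compare_uid_numbers(dc1, dc2):
    """List (account, uid_on_dc1, uid_on_dc2) where the two DCs disagree."""
    return [(n, dc1.get(n), dc2.get(n))
            for n in sorted(set(dc1) | set(dc2))
            if dc1.get(n) != dc2.get(n)]

# Constructed sample exports: "bob" was created after the join and has
# no uidNumber on the second DC, as in step 4 of the message.
DC1_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
uidNumber: 10001

dn: CN=bob,CN=Users,DC=example,DC=com
sAMAccountName: bob
uidNumber: 10002
"""
DC2_LDIF = DC1_LDIF.replace("uidNumber: 10002\n", "")

for name, a, b in compare_uid_numbers(parse_ldif(DC1_LDIF), parse_ldif(DC2_LDIF)):
    print(f"{name}: DC1 uidNumber={a} DC2 uidNumber={b}")
```

An account that is listed with a value on one side and None on the other has the attribute missing on that DC, which is the case where file ownership would resolve differently depending on which DC answers.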