Question:
When you add users to the ADDC the UID users are always going to be different from those obtained by the DC winbind Member?

I talk about destroying the member server, because I have the freedom to do it again if necessary, this server is not in production.

Regards.

> Date: Mon, 23 Mar 2015 19:28:19 +0000
> From: rowlandpenny at googlemail.com
> To: samba at lists.samba.org
> Subject: Re: [Samba] UID and GID mapping throw DC and Member DC
>
> On 23/03/15 19:15, Jhon P wrote:
> > What do you mean with different winbinds?
>
> On the DC, winbind is built into the samba daemon, you do not run a
> separate winbind daemon. On a member server you run the nmbd & smbd
> daemons along with a separate winbind daemon.
>
> >
> > I can destroy the member server, it's on testing.
> > It is for the version of winbind?
> >
> > I can get this from DC.
> >
> >
> > But I can not do the same with DC.
> >
> > "Tonight 2X1 sledgehammers." :-) XD
> >
>
> What you could try (and I never told you this) is sssd instead of
> winbind, you can use this on both the DC and the member server along
> with RFC2307 attributes. The only problem would be getting a new enough
> version, you may have to update to jessie.
>
> Rowland
>
> > > Date: Mon, 23 Mar 2015 18:43:21 +0000
> > > From: rowlandpenny at googlemail.com
> > > To: samba at lists.samba.org
> > > Subject: Re: [Samba] UID and GID mapping throw DC and Member DC
> > >
> > > On 23/03/15 18:27, Jhon P wrote:
> > > > After trying to solve the problem with "getent", I found another
> > > > problem with the Member server.
> > > >
> > > > The member server works well, but the "uid" and "gid" mapping for
> > > > users is incorrect.
> > > >
> > > > In the DC the "UID" "GID" is around 3000085
> > > >
> > > > In the Member Server it's around 2000 - 3000
> > > >
> > > > For example:
> > > >
> > > >
> > > > ADDC Server.
> > > > ---------------------
> > > > root at ACDC:/# wbinfo --user-info=Prueba
> > > > KENNEDY\prueba:*_:3000022:100_:Prueba:/home/KENNEDY/prueba:/bin/false
> > >
> > > The '3000022' is coming from winbind mapping the user's RID
> > >
> > > >
> > > > MEMBER SERVER
> > > > -----------------------
> > > > root at MEMBERSERVER/home/prueba# wbinfo --user-info=prueba
> > > > prueba:*:_2451:2004_:Prueba:/home/KENNEDY/prueba:/bin/false
> > > >
> > >
> > > The '2451' is again coming from winbind mapping the user's RID, but
> > > because you are using different winbinds on the DC and the member
> > > server, you are getting different numbers. This is just one of the
> > > reasons not to use the DC for anything other than authentication.
> > >
> > > You could try adding a 'uidNumber' to your AD users and a 'gidNumber' to
> > > 'Domain Users', these numbers need to be inside the range set in the
> > > member server smb.conf, for instance if you follow the member server
> > > page on the wiki, not less than 2000 and not more than 999999.
> > >
> > > I must point out that if this does not work, it may be time to get the
> > > sledgehammer out :-)
> > >
> > > Rowland
> > > > Any way to solve this.
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba

On 23/03/15 20:28, Jhon P wrote:
> Question:
> When you add users to the ADDC the UID users are always going to be
> different from those obtained by the DC winbind Member?

If you add uidNumbers & gidNumbers to users and groups you will get the same ID numbers everywhere, here is an example:

On a DC:

root at dc01:~# getent passwd rowland
EXAMPLE\rowland:*:10000:10000:Rowland Penny:/home/EXAMPLE/rowland:/bin/bash

And on my laptop (a linux client):

rowland at ThinkPad ~ $ getent passwd rowland
rowland:*:10000:10000::/home/rowland:/bin/bash

>
> I talk about destroying the member server, because I have the freedom to
> do it again if necessary, this server is not in production.
>
> Regards.
>

Rowland

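Added example (not part of the original thread and not Samba code): a small Python check that takes passwd-format lines collected on each host (getent passwd or wbinfo --user-info output) and reports accounts whose UID/GID differ between hosts or fall outside the 2000-999999 range mentioned earlier in the thread. The function names and the sample lines are constructed for illustration; the DOMAIN\ prefix is dropped when matching accounts, which assumes a single domain.

```python
"""Compare passwd-style entries gathered from several hosts and report
inconsistent or out-of-range UID/GID mappings."""

# Range quoted in the thread for the member server's smb.conf (wiki example).
ID_RANGE = (2000, 999999)


def parse_entry(line):
    """Return (account, uid, gid) from a 7-field passwd-format line."""
    fields = line.strip().split(":")
    if len(fields) != 7:
        raise ValueError(f"not a passwd-format line: {line!r}")
    # 'EXAMPLE\rowland' and 'rowland' name the same account: drop the prefix
    # (assumption: all hosts belong to one domain).
    account = fields[0].rsplit("\\", 1)[-1].lower()
    return account, int(fields[2]), int(fields[3])


def check_mappings(host_lines, id_range=ID_RANGE):
    """host_lines maps host name -> list of passwd lines; returns findings."""
    seen = {}  # account -> {host: (uid, gid)}
    for host, lines in host_lines.items():
        for line in lines:
            account, uid, gid = parse_entry(line)
            seen.setdefault(account, {})[host] = (uid, gid)
    lo, hi = id_range
    findings = []
    for account, per_host in sorted(seen.items()):
        # Same account, different numeric IDs: file ownership will not match.
        if len(set(per_host.values())) > 1:
            findings.append((account, "mismatch", dict(per_host)))
        for host, (uid, gid) in sorted(per_host.items()):
            if not (lo <= uid <= hi and lo <= gid <= hi):
                findings.append((account, "out_of_range", {host: (uid, gid)}))
    return findings


# Constructed sample input, using the ID values shown in this thread.
SAMPLE = {
    "dc": [
        r"KENNEDY\prueba:*:3000022:100:Prueba:/home/KENNEDY/prueba:/bin/false",
        r"EXAMPLE\rowland:*:10000:10000:Rowland Penny:/home/EXAMPLE/rowland:/bin/bash",
    ],
    "member": [
        "prueba:*:2451:2004:Prueba:/home/KENNEDY/prueba:/bin/false",
        "rowland:*:10000:10000::/home/rowland:/bin/bash",
    ],
}

if __name__ == "__main__":
    for account, kind, detail in check_mappings(SAMPLE):
        print(f"{account}: {kind} {detail}")
```
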
I also use sssd on DC and member servers instead of winbind. What about v4.2 and its new winbind constellation? Any complications known?

@ the opener: I personally think you should try out sssd. I love it and its functionality. I also use it for pam authentication on the servers in combination with sudo (dedicated ad group in sudoers file for admins). Works fine :-)

On 23 March 2015 21:55:23 CET, Rowland Penny <rowlandpenny at googlemail.com> wrote:
>On 23/03/15 20:28, Jhon P wrote:
>> Question:
>> When you add users to the ADDC the UID users are always going to be
>> different from those obtained by the DC winbind Member?
>
>If you add uidNumbers & gidNumbers to users and groups you will get the
>same ID numbers everywhere, here is an example:
>
>On a DC:
>
>root at dc01:~# getent passwd rowland
>EXAMPLE\rowland:*:10000:10000:Rowland Penny:/home/EXAMPLE/rowland:/bin/bash
>
>And on my laptop (a linux client):
>
>rowland at ThinkPad ~ $ getent passwd rowland
>rowland:*:10000:10000::/home/rowland:/bin/bash
>
>>
>> I talk about destroying the member server, because I have the freedom to
>> do it again if necessary, this server is not in production.
>>
>> Regards.
>>
>
>Rowland

Correct me if I'm wrong?

You say that by RSAT and NIS I add a uid and gid for each user in the DC. As mentioned here:
https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Check_if_RFC2307_is_used_by_your_Domain_Controllers

If I do this, users are added to the passwd file on the domain controller or saved to the db sam?

I'm going to try this tomorrow. That big problem is not provisioned with RFC2307!!!!

> Date: Mon, 23 Mar 2015 20:55:23 +0000
> From: rowlandpenny at googlemail.com
> To: samba at lists.samba.org
> Subject: Re: [Samba] UID and GID mapping throw DC and Member DC
>
> On 23/03/15 20:28, Jhon P wrote:
> > Question:
> > When you add users to the ADDC the UID users are always going to be
> > different from those obtained by the DC winbind Member?
>
> If you add uidNumbers & gidNumbers to users and groups you will get the
> same ID numbers everywhere, here is an example:
>
> On a DC:
>
> root at dc01:~# getent passwd rowland
> EXAMPLE\rowland:*:10000:10000:Rowland Penny:/home/EXAMPLE/rowland:/bin/bash
>
> And on my laptop (a linux client):
>
> rowland at ThinkPad ~ $ getent passwd rowland
> rowland:*:10000:10000::/home/rowland:/bin/bash
>
> >
> > I talk about destroying the member server, because I have the freedom to
> > do it again if necessary, this server is not in production.
> >
> > Regards.
> >
>
> Rowland