Hello again, no idea!? Both my DCs running now 4.3.4, but there is a strange behaviour, Ex.: First DC root at s4master wingroup]# id maurerp uid=90036(TPLK\maurerp) gid=100(users) Gruppen=100(users),3000048(TPLK\schreiben),3000038(TPLK\orbis),3000023(TPLK\ agfa),3000009(BUILTIN\users) Second DC [root at s4slave ~]# id maurerp uid=90036(TPLK\maurerp) gid=100(users) Gruppen=100(users),3000048(TPLK\aerzte08$),3000038(TPLK\reserve09$),3000023( TPLK\agfa),3000001(BUILTIN\users As you see group with ID 3000048 (schreiben) is mapped on the second DC: 3000048(TPLK\aerzte08$) How can I correct this issue? Greetings Daniel EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de -----Ursprüngliche Nachricht----- Von: Mueller [mailto:mueller at tplk.loc] Gesendet: Montag, 8. Februar 2016 14:18 An: 'samba at lists.samba.org' <samba at lists.samba.org> Betreff: After Upgrade to Samba-4.3.4 Dear all, after upgrading to samba 4.3.4 when I open the "Computer Management" and I connect tot he samna4.3.4 host there is an error: "Prozeduranzahl liegt ausserhalb 1745" !?? And some of my shares have suddenly mingled instead of groups Workstation accounts in my secority tab (ex WEBSERV$ instaed og group praktikum?) How can I solve this? EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de
On 09/02/16 09:26, Mueller wrote:> Hello again, > no idea!? > > Both my DCs running now 4.3.4, but there is a strange behaviour, > Ex.: > First DC > root at s4master wingroup]# id maurerp > uid=90036(TPLK\maurerp) gid=100(users) > Gruppen=100(users),3000048(TPLK\schreiben),3000038(TPLK\orbis),3000023(TPLK\ > agfa),3000009(BUILTIN\users) > > Second DC > > [root at s4slave ~]# id maurerp > uid=90036(TPLK\maurerp) gid=100(users) > Gruppen=100(users),3000048(TPLK\aerzte08$),3000038(TPLK\reserve09$),3000023( > TPLK\agfa),3000001(BUILTIN\users > > As you see group with ID 3000048 (schreiben) is mapped on the second DC: > 3000048(TPLK\aerzte08$) > > > How can I correct this issue? > > Greetings > Daniel > >This is a known problem, on a DC users and groups are mapped via idmap.ldb, only problem is the idmap.ldb on the first DC is very probably not going to be the same as the idmap.ldb on the second DC, this is because they are not synced. It was even worse before Samba 4.2.0, you just got numbers. You have three choices: Ignore it, but be aware that you may have problems if you try to copy a file from one DC to the other with something that ignores the owner & group and just relies on the uid & gid numbers. You can copy idmap.ldb from the first DC to the second, but this would then entail changing the ownership of files on the second DC to the new uid & gidNumbers. You would also have to keep the two idmap.ldb files in sync. The last choice is probably the best idea, give your users & groups uidNumber & gidNumber attributes, these would take precedence over the numbers you are using now. You would still need to change ownership of the files, but this would be a one time thing and replication would keep the two DCs in sync. You can then use ADUC to manage your users. Rowland
What I have done bevor updating to 4.3.4 and it was working until then. I userd the map unix tab in ADUC and gave uid and gid to all users /groups but administrator. This worked until the update. Now the dcs mix up only!!! group ids with computer ids (security tab) root at s4slave exim]# getent group personal TPLK\personal:x:3000044: root at s4slave exim]# getent group reserve09$ TPLK\reserve09$:x:3000038:TPLK\reserve09$ [root at s4master ~]# getent group personal <----------------------------------- TPLK\personal:x:3000044: [root at s4master ~]# getent group reserve09$<----------------------------- TPLK\reserve09$:x:3000044:TPLK\reserve09$ Is there a way I can change the GID of reserve09$ back to hits originaly? ADUC--> Tab >>Attribute change? EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de -----Ursprüngliche Nachricht----- Von: Rowland penny [mailto:rpenny at samba.org] Gesendet: Dienstag, 9. Februar 2016 11:04 An: samba at lists.samba.org Betreff: Re: [Samba] WG: After Upgrade to Samba-4.3.4 On 09/02/16 09:26, Mueller wrote:> Hello again, > no idea!? > > Both my DCs running now 4.3.4, but there is a strange behaviour, > Ex.: > First DC > root at s4master wingroup]# id maurerp > uid=90036(TPLK\maurerp) gid=100(users) > Gruppen=100(users),3000048(TPLK\schreiben),3000038(TPLK\orbis),3000023 > (TPLK\ > agfa),3000009(BUILTIN\users) > > Second DC > > [root at s4slave ~]# id maurerp > uid=90036(TPLK\maurerp) gid=100(users) > Gruppen=100(users),3000048(TPLK\aerzte08$),3000038(TPLK\reserve09$),30 > 00023( > TPLK\agfa),3000001(BUILTIN\users > > As you see group with ID 3000048 (schreiben) is mapped on the second DC: > 3000048(TPLK\aerzte08$) > > > How can I correct this issue? > > Greetings > Daniel > >This is a known problem, on a DC users and groups are mapped via idmap.ldb, only problem is the idmap.ldb on the first DC is very probably not going to be the same as the idmap.ldb on the second DC, this is because they are not synced. It was even worse before Samba 4.2.0, you just got numbers. You have three choices: Ignore it, but be aware that you may have problems if you try to copy a file from one DC to the other with something that ignores the owner & group and just relies on the uid & gid numbers. You can copy idmap.ldb from the first DC to the second, but this would then entail changing the ownership of files on the second DC to the new uid & gidNumbers. You would also have to keep the two idmap.ldb files in sync. The last choice is probably the best idea, give your users & groups uidNumber & gidNumber attributes, these would take precedence over the numbers you are using now. You would still need to change ownership of the files, but this would be a one time thing and replication would keep the two DCs in sync. You can then use ADUC to manage your users. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba