Rowland penny
2016-Jun-14 15:21 UTC
[Samba] Samba 4 Member server show diferent UID than Ad Server
On 14/06/16 15:52, Juan Ignacio wrote:> I like the idea. > > - synchronize private/idmap.ldb across your DC at least (they all host > Sysvol, sysvol is rsynced, here you can have issues with UID/GID). Members > servers seem to not have that file.idmap.ldb is only used on a Samba 4 AD DC, but the contents can be and and very often are different on each DC.> > But in my Domain Controler I do not find this file. > > I found the file in the AD DC.I don't quite understand this, you have a domain controller that doesn't have an idmap.ldb file, is this a windows domain controller ? The idmap.ldb file you found, was this on a secondary AD DC ?> > There any way to avoid adding UID users, or impossible without doing this. > They are as 300 users.On a domain member, yes. On a Samba AD DC, yes There is a problem however, your users on the DC would get a different UID compared to the domain member. the same goes for groups. Rowland
Juan Ignacio
2016-Jun-14 15:42 UTC
[Samba] Samba 4 Member server show diferent UID than Ad Server
The structure is as follows. AD DC (Samba 4.1)------------------- Member DC (Samba 4.4) private/idmap.ldb ----------------- not private/idmap.ldb The idmap.ldb file you found, was this on a secondary AD DC ? -No the idmap.ldb i found was in the primary AD DC, im not have a secondary AD DC, i also have a Member DC. 2016-06-14 12:21 GMT-03:00 Rowland penny <rpenny at samba.org>:> On 14/06/16 15:52, Juan Ignacio wrote: > >> I like the idea. >> >> - synchronize private/idmap.ldb across your DC at least (they all host >> Sysvol, sysvol is rsynced, here you can have issues with UID/GID). Members >> servers seem to not have that file. >> > > idmap.ldb is only used on a Samba 4 AD DC, but the contents can be and and > very often are different on each DC. > > >> But in my Domain Controler I do not find this file. >> >> I found the file in the AD DC. >> > > I don't quite understand this, you have a domain controller that doesn't > have an idmap.ldb file, is this a windows domain controller ? > > The idmap.ldb file you found, was this on a secondary AD DC ? > > >> There any way to avoid adding UID users, or impossible without doing this. >> They are as 300 users. >> > > On a domain member, yes. > On a Samba AD DC, yes > There is a problem however, your users on the DC would get a different UID > compared to the domain member. the same goes for groups. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland penny
2016-Jun-14 15:52 UTC
[Samba] Samba 4 Member server show diferent UID than Ad Server
On 14/06/16 16:42, Juan Ignacio wrote:> The structure is as follows. > > AD DC (Samba 4.1)------------------- Member DC (Samba 4.4) > > private/idmap.ldb ----------------- not private/idmap.ldb > > > The idmap.ldb file you found, was this on a secondary AD DC ? > > -No the idmap.ldb i found was in the primary AD DC, im not have a > secondary AD DC, i also have a Member DC. >If you created the 'Member DC' by provisioning it with samba-tool, can I suggest you remove it from the domain, then rejoin it as a secondary DC. Whilst you 'can' provision a 'Member DC' with samba-tool, it isn't really a 'Member DC', it doesn't work correctly. You can only provision a DC with samba-tool, everything else is depreciated and could be and probably will be removed when 4.6.0 comes out (the release after next) Rowland
Apparently Analagous Threads
- Samba 4 Member server show diferent UID than Ad Server
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba 4 Member server show diferent UID than Ad Server