samba - Jun 2016 - Samba 4 Member server show diferent UID than Ad Server

On 14/06/16 15:52, Juan Ignacio wrote:
> I like the idea.
>
> - synchronize private/idmap.ldb across your DC at least (they all host
> Sysvol, sysvol is rsynced, here you can have issues with UID/GID). Members
> servers seem to not have that file.
idmap.ldb is only used on a Samba 4 AD DC, but the contents can be and 
and very often are different on each DC.
>
> But in my Domain Controler I do not find this file.
>
> I found the file in the AD DC.
I don't quite understand this, you have a domain controller that doesn't
have an idmap.ldb file, is this a windows domain controller ?

The idmap.ldb file you found, was this on a secondary AD DC ?
>
> There any way to avoid adding UID users, or impossible without doing this.
> They are as 300 users.
On a domain member, yes.
On a Samba AD DC, yes
There is a problem however, your users on the DC would get a different 
UID compared to the domain member. the same goes for groups.

Rowland

The structure is as follows.

AD DC (Samba 4.1)------------------- Member DC (Samba 4.4)

private/idmap.ldb   -----------------     not private/idmap.ldb


The idmap.ldb file you found, was this on a secondary AD DC ?

   -No the idmap.ldb i found was in the primary AD DC, im not have a
secondary AD DC, i also have a Member DC.

2016-06-14 12:21 GMT-03:00 Rowland penny <rpenny at samba.org>:
> On 14/06/16 15:52, Juan Ignacio wrote:
>
>> I like the idea.
>>
>> - synchronize private/idmap.ldb across your DC at least (they all host
>> Sysvol, sysvol is rsynced, here you can have issues with UID/GID).
Members
>> servers seem to not have that file.
>>
>
> idmap.ldb is only used on a Samba 4 AD DC, but the contents can be and and
> very often are different on each DC.
>
>
>> But in my Domain Controler I do not find this file.
>>
>> I found the file in the AD DC.
>>
>
> I don't quite understand this, you have a domain controller that
doesn't
> have an idmap.ldb file, is this a windows domain controller ?
>
> The idmap.ldb file you found, was this on a secondary AD DC ?
>
>
>> There any way to avoid adding UID users, or impossible without doing
this.
>> They are as 300 users.
>>
>
> On a domain member, yes.
> On a Samba AD DC, yes
> There is a problem however, your users on the DC would get a different UID
> compared to the domain member. the same goes for groups.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 14/06/16 16:42, Juan Ignacio wrote:
> The structure is as follows.
>
> AD DC (Samba 4.1)------------------- Member DC (Samba 4.4)
>
> private/idmap.ldb   -----------------     not private/idmap.ldb
>
>
> The idmap.ldb file you found, was this on a secondary AD DC ?
>
>    -No the idmap.ldb i found was in the primary AD DC, im not have a 
> secondary AD DC, i also have a Member DC.
>
If you created the 'Member DC' by provisioning it with samba-tool, can I
suggest you remove it from the domain, then rejoin it as a secondary DC.
Whilst you 'can' provision a 'Member DC' with samba-tool, it
isn't
really a 'Member DC', it doesn't work correctly. You can only
provision
a DC with samba-tool, everything else is depreciated and could be and 
probably will be removed when 4.6.0 comes out (the release after next)

Rowland