samba - Jun 2016 - Samba 4 Member server show diferent UID than Ad Server

On 14/06/16 16:42, Juan Ignacio wrote:
> The structure is as follows.
>
> AD DC (Samba 4.1)------------------- Member DC (Samba 4.4)
>
> private/idmap.ldb   -----------------     not private/idmap.ldb
>
>
> The idmap.ldb file you found, was this on a secondary AD DC ?
>
>    -No the idmap.ldb i found was in the primary AD DC, im not have a 
> secondary AD DC, i also have a Member DC.
>
If you created the 'Member DC' by provisioning it with samba-tool, can I
suggest you remove it from the domain, then rejoin it as a secondary DC.
Whilst you 'can' provision a 'Member DC' with samba-tool, it
isn't
really a 'Member DC', it doesn't work correctly. You can only
provision
a DC with samba-tool, everything else is depreciated and could be and 
probably will be removed when 4.6.0 comes out (the release after next)

Rowland

No, im not provisioning it with samba-tool im provision folowing the Samba
Documentation.

https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

Analista Inf.
Juan Ignacio Pazos
<http://www.linkedin.com/pub/juan-ignacio-pazos-lorenzo/19/9b9/26a>

2016-06-14 12:52 GMT-03:00 Rowland penny <rpenny at samba.org>:
> On 14/06/16 16:42, Juan Ignacio wrote:
>
>> The structure is as follows.
>>
>> AD DC (Samba 4.1)------------------- Member DC (Samba 4.4)
>>
>> private/idmap.ldb   -----------------     not private/idmap.ldb
>>
>>
>> The idmap.ldb file you found, was this on a secondary AD DC ?
>>
>>    -No the idmap.ldb i found was in the primary AD DC, im not have a
>> secondary AD DC, i also have a Member DC.
>>
>>
> If you created the 'Member DC' by provisioning it with samba-tool,
can I
> suggest you remove it from the domain, then rejoin it as a secondary DC.
> Whilst you 'can' provision a 'Member DC' with samba-tool,
it isn't really
> a 'Member DC', it doesn't work correctly. You can only
provision a DC with
> samba-tool, everything else is depreciated and could be and probably will
> be removed when 4.6.0 comes out (the release after next)
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Hello
I also have a DC and Member server (separately) using RID is the same 
displays Ids different between the two ...


Em 14-06-2016 12:58, Juan Ignacio escreveu:
> No, im not provisioning it with samba-tool im provision folowing the Samba
> Documentation.
>
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> Analista Inf.
> Juan Ignacio Pazos
> <http://www.linkedin.com/pub/juan-ignacio-pazos-lorenzo/19/9b9/26a>
>
> 2016-06-14 12:52 GMT-03:00 Rowland penny <rpenny at samba.org>:
>
>> On 14/06/16 16:42, Juan Ignacio wrote:
>>
>>> The structure is as follows.
>>>
>>> AD DC (Samba 4.1)------------------- Member DC (Samba 4.4)
>>>
>>> private/idmap.ldb   -----------------     not private/idmap.ldb
>>>
>>>
>>> The idmap.ldb file you found, was this on a secondary AD DC ?
>>>
>>>     -No the idmap.ldb i found was in the primary AD DC, im not have
a
>>> secondary AD DC, i also have a Member DC.
>>>
>>>
>> If you created the 'Member DC' by provisioning it with
samba-tool, can I
>> suggest you remove it from the domain, then rejoin it as a secondary
DC.
>> Whilst you 'can' provision a 'Member DC' with
samba-tool, it isn't really
>> a 'Member DC', it doesn't work correctly. You can only
provision a DC with
>> samba-tool, everything else is depreciated and could be and probably
will
>> be removed when 4.6.0 comes out (the release after next)
>>
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

Anyway everything seems to work well.
The shares are correctly and users recognize them without problems. getent
and wbinfo.

The main problem is that apparently the Member DC does not get the UID
properly containing the user in the ADDC.

There is something that can change in the smb.conf the Member DC, I
remember a few years ago with the same AD DC we get the UID correctly.

2016-06-14 12:58 GMT-03:00 Juan Ignacio <juan.ignacio.pazos at gmail.com>:
> No, im not provisioning it with samba-tool im provision folowing the Samba
> Documentation.
>
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> Analista Inf.
> Juan Ignacio Pazos
> <http://www.linkedin.com/pub/juan-ignacio-pazos-lorenzo/19/9b9/26a>
>
> 2016-06-14 12:52 GMT-03:00 Rowland penny <rpenny at samba.org>:
>
>> On 14/06/16 16:42, Juan Ignacio wrote:
>>
>>> The structure is as follows.
>>>
>>> AD DC (Samba 4.1)------------------- Member DC (Samba 4.4)
>>>
>>> private/idmap.ldb   -----------------     not private/idmap.ldb
>>>
>>>
>>> The idmap.ldb file you found, was this on a secondary AD DC ?
>>>
>>>    -No the idmap.ldb i found was in the primary AD DC, im not have
a
>>> secondary AD DC, i also have a Member DC.
>>>
>>>
>> If you created the 'Member DC' by provisioning it with
samba-tool, can I
>> suggest you remove it from the domain, then rejoin it as a secondary
DC.
>> Whilst you 'can' provision a 'Member DC' with
samba-tool, it isn't really
>> a 'Member DC', it doesn't work correctly. You can only
provision a DC with
>> samba-tool, everything else is depreciated and could be and probably
will
>> be removed when 4.6.0 comes out (the release after next)
>>
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>