On 6/21/2016 7:09 AM, lists wrote:> Hi Achim,
>
>> Looks like on DC4 3000300 is mapped to an computer account for
>> "proxmox".
>>
>> On DC2/DC32 3000009 should map to S-1-5-18 (Local System) and 3000300
>> S-1-5-11 (Autheticated Users).
>> These are both Security groups which do not resolv via winbindd so they
>> can not be mapped. (you may add manual mapping via the --groupmap on
>> your rsync commandline).
>>
>> I assume you can delete the mapping for 3000300 on dc4 and change the
>> mapping for S-1-5-11 to 3000300 (and S-1-5-18 to 3000009 if that id is
>> not used by something else) in idmap.ldb on DC4. After an cache flush
>> sync things should work again.
>
> I took a backup of the dc4 kvm, and followed the procedure on the wiki
> to copy the idmap.ldb from DC2 to DC4. (a bit more drastical, but it
> seems to have worked out also)
>
> Then YOUR sysvol sync method, over ssh, and now the permissions look
> good on DC4.
>
> Thanks!
>
> MJ
>
I found my issue. On one of my DC's I had misspelled 'idmap_ldb:use
rfc2307 = Yes'. I had it 'idmap_lbd:'. Ran 'net cache flush'
and wbinfo
gave correct mappings. I find it odd that 'samba-tool testparm' never
threw any errors.
--
-James