On Thu, 27 Oct 2016 09:20:34 -0400 Ryan Ashley via samba <samba at lists.samba.org> wrote:> Rowland, I am on my mobile phone right now so please forgive the data > not being available. When I get back to her location today I will be > happy to get you that information. How should I get it for you? Both > getent and wbinfo work on the server, if that matters. > > > Lets get the SIDs (actually RIDs) not being what you have set them > > to be, out of the way. They will not be set that way on a DC, the > > idmap lines you have added are ignored on a DC and they are only > > meant to be used on a domain member. If you want to use different > > IDs on a DC, you will have to add uidNumber attributes to the users > > and a gidNumber to the Domain Users group. > > > > You say you 'created this as a standalone AD DC' , what do you mean > > by this? did you provision with '--server-role=standalone' ? > > > > Rowland > > > >I will try again (as I didn't ask for any ID numbers) How did you provision the 'standalone AD DC' ???? Rowland
My apologies, Rowland. I thought you wanted the SIDs. I provisioned the domain as follows. samba-tool domain provision --use-rfc2307 --realm=MEDARTS.LAN --dns-backend=BIND9_DLZ --domain=MEDARTS --server-role=dc --interactive I also answered a few questions during interactive provisioning such as password, but the defaults were good. Lead IT/IS Specialist Reach Technology FP, Inc On 10/27/2016 09:26 AM, Rowland Penny via samba wrote:> On Thu, 27 Oct 2016 09:20:34 -0400 > Ryan Ashley via samba <samba at lists.samba.org> wrote: > >> Rowland, I am on my mobile phone right now so please forgive the data >> not being available. When I get back to her location today I will be >> happy to get you that information. How should I get it for you? Both >> getent and wbinfo work on the server, if that matters. >> >>> Lets get the SIDs (actually RIDs) not being what you have set them >>> to be, out of the way. They will not be set that way on a DC, the >>> idmap lines you have added are ignored on a DC and they are only >>> meant to be used on a domain member. If you want to use different >>> IDs on a DC, you will have to add uidNumber attributes to the users >>> and a gidNumber to the Domain Users group. >>> >>> You say you 'created this as a standalone AD DC' , what do you mean >>> by this? did you provision with '--server-role=standalone' ? >>> >>> Rowland >> >> >> >> > > I will try again (as I didn't ask for any ID numbers) > > How did you provision the 'standalone AD DC' ???? > > Rowland >
On Thu, 27 Oct 2016 15:06:08 -0400 Ryan Ashley via samba <samba at lists.samba.org> wrote:> My apologies, Rowland. I thought you wanted the SIDs. I provisioned > the domain as follows. > > samba-tool domain provision --use-rfc2307 --realm=MEDARTS.LAN > --dns-backend=BIND9_DLZ --domain=MEDARTS --server-role=dc > --interactive > > I also answered a few questions during interactive provisioning such > as password, but the defaults were good. >No problem, I just wanted to get it straight, it was possible you had provisioned with 'server-role=standalone', but you haven't Can I suggest you upgrade to 4.5.1, there have been a few fixes that may affect your problem. Rowland