Taylor Hammerling
2017-Dec-15 19:08 UTC
[Samba] UID/GID -> SID -> NAME mapping across multiple DCs
Thanks!

On Fri, Dec 15, 2017 at 1:03 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Fri, 15 Dec 2017 11:56:25 -0600
> Taylor Hammerling <thammerling at tcsbasys.com> wrote:
>
> > Interesting... How do I go about getting them/keeping them in sync?
>
> see here:
>
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_Groups_GID_Mappings
>
> Rowland

--
Taylor Hammerling | IT Manager
2800 Laura Lane | Middleton, WI 53562
O (608) 669-9070 | C (608) 512-7849
tcsbasys.com | ubiquistat.com
Taylor Hammerling
2017-Dec-15 19:16 UTC
[Samba] UID/GID -> SID -> NAME mapping across multiple DCs
OK, I followed the directions on that wiki page, made a hot backup, copied the hot backup over to the new DC, renamed the hot backup (thus replacing the existing idmap.ldb) and ran "samba-tool ntacl sysvolreset" and it spat out the following after a minute or 2 of thinking...

root at dc1 samba/private# samba-tool ntacl sysvolreset
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The requested operation was unsuccessful.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1609, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1514, in set_gpos_acl
    passdb=passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1477, in set_dir_acl
    setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
root at dc1 samba/private#

Please note, DC2 is the DC that has the correct GID mappings, DC1 does not, so I'm copying from DC2 to DC1.
Taylor Hammerling
2017-Dec-15 19:24 UTC
[Samba] UID/GID -> SID -> NAME mapping across multiple DCs
Apologies, despite that error, the permissions now look good on the sysvol folder.

Is there anything I need to do moving forward to keep my DCs' idmap.ldbs in sync? Or is this a one-time thing?
Rowland Penny
2017-Dec-15 19:28 UTC
[Samba] UID/GID -> SID -> NAME mapping across multiple DCs
On Fri, 15 Dec 2017 13:16:51 -0600 Taylor Hammerling <thammerling at tcsbasys.com> wrote:

> ok, I followed the directions on that wikipage, made a hot backup,
> copied the hot backup over to the new DC, renamed the hot backup
> (thus replacing the existing idmap.ldb) and ran "samba-tool ntacl
> sysvolreset" and it spat out the following after a minute or 2 of
> thinking...
>
> root at dc1 samba/private# samba-tool ntacl sysvolreset
> open: error=2 (No such file or directory)
> ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The requested operation was unsuccessful.')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239, in run
>     lp, use_ntvfs=use_ntvfs)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1609, in setsysvolacl
>     set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1514, in set_gpos_acl
>     passdb=passdb)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1477, in set_dir_acl
>     setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
>   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in setntacl
>     smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
> root at dc1 samba/private#
>
> Please note, DC2 is the DC that has the correct GID mappings, DC1
> does not, so I'm copying from DC2 to DC1.

I now take it you haven't synced sysvol between the DCs. If you haven't, see here:

https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)

If you have, check that all the sysvol directories contain the same contents.

Rowland
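
A check for the question raised in this thread (whether the DCs' idmap.ldb files agree), as an added example that is not part of the original posts and not Samba's own tooling: it compares SID to xidNumber mappings from two LDIF dumps, such as those printed by `ldbsearch -H idmap.ldb` on each DC. The attribute names (`objectSid`, `xidNumber`, `type`), the helper names and the sample records are assumptions constructed for illustration.

```python
import re

def parse_idmap_ldif(text):
    """Return {sid: (xidNumber, type)} from an LDIF dump of idmap.ldb."""
    mappings = {}
    for record in re.split(r"\n\s*\n", text.strip()):  # blank-line separated records
        attrs = {}
        for line in record.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comment lines and anything that is not "key: value"
            key, value = line.split(": ", 1)
            attrs[key] = value.strip()
        # Records without an objectSid carry no SID mapping and are ignored.
        if "objectSid" in attrs and "xidNumber" in attrs:
            mappings[attrs["objectSid"]] = (int(attrs["xidNumber"]),
                                            attrs.get("type", "UNKNOWN"))
    return mappings

def diff_idmaps(reference, other):
    """Compare another DC's mappings against the DC known to hold the correct ones."""
    problems = []
    for sid in sorted(set(reference) | set(other)):
        ref, oth = reference.get(sid), other.get(sid)
        if ref is None:
            problems.append((sid, "extra", ref, oth))      # only on the other DC
        elif oth is None:
            problems.append((sid, "missing", ref, oth))    # not mapped on the other DC
        elif ref != oth:
            problems.append((sid, "mismatch", ref, oth))   # same SID, different xid/type
    return problems

def sample_dump(pairs):
    """Build a constructed LDIF dump (assumed shape, not output from the thread)."""
    records = [f"# record {i}\ndn: CN={sid}\nobjectSid: {sid}\n"
               f"type: ID_TYPE_BOTH\nxidNumber: {xid}\n"
               for i, (sid, xid) in enumerate(pairs, 1)]
    return "\n".join(records) + f"\n# returned {len(pairs)} records\n"

# Constructed sample: DC2 is the reference, DC1 has two swapped IDs and one gap.
DC2_DUMP = sample_dump([("S-1-5-32-544", 3000000), ("S-1-5-32-549", 3000001),
                        ("S-1-5-32-554", 3000002)])
DC1_DUMP = sample_dump([("S-1-5-32-544", 3000001), ("S-1-5-32-549", 3000000)])

if __name__ == "__main__":
    for sid, kind, ref, oth in diff_idmaps(parse_idmap_ldif(DC2_DUMP),
                                           parse_idmap_ldif(DC1_DUMP)):
        print(f"{kind:9} {sid}  reference={ref}  other={oth}")
```

An empty result means both DCs map every SID to the same ID; any mismatch means file ownership on sysvol will resolve to different accounts depending on which DC serves it.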