Many thanks and after writing Unix attributes in AD and executing the command "net cache flush" uuid, guid will be the same in DC server and Share servers 15.06.2018 13:46, Rowland Penny via samba пишет:> I think you are asking 'why do I need these lines, If I have added > uidNumber & gidNumber attributes to AD' > > You need them because all your users & groups will be ignored (i.e. as > is happening now) by Samba, unless you have them. > > You also need the other two lines: > > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > > These are required for the 'Well Known SIDs' and anything else outside > the domain. > > Also the 'SAMDOM' range must reflect the range of the uidNumber & > gidNumber attributes you have set in AD, any that are outside the range > will be ignored. > > You also need to replace 'SAMDOM' with your workgroup name (not your > realm)-- Шигапов Денис системный администратор группы компаний "Стройландия" тел. 8 3532 997-777 доб. 8715 сот. 8 906 837-60-79 email denis.shigapov at stroylandiya.ru web https://stroylandiya.ru
On Fri, 15 Jun 2018 14:16:07 +0500 Шигапов Денис Вильданович via samba <samba at lists.samba.org> wrote:> Many thanks > > and after writing Unix attributes in AD and executing the command > "net cache flush" uuid, guid will be the same in DC server and > Share servers >Should be, except for the 'Well known SIDs', these will get xidNumbers inside the '3000000' range on the DC and numbers inside the '*' range on the Unix domain member. There is one last possible gotcha, the Domain Users group must have a gidNumber inside the 'SAMDOM' range. Rowland
"net cache flush" could not delete id already distributed how to fully force the samba to use the new guid uuid 15.06.2018 14:35, Rowland Penny via samba пишет:> On Fri, 15 Jun 2018 14:16:07 +0500 > Шигапов Денис Вильданович via samba <samba at lists.samba.org> wrote: > >> Many thanks >> >> and after writing Unix attributes in AD and executing the command >> "net cache flush" uuid, guid will be the same in DC server and >> Share servers >> > Should be, except for the 'Well known SIDs', these will get xidNumbers > inside the '3000000' range on the DC and numbers inside the '*' range > on the Unix domain member. > > There is one last possible gotcha, the Domain Users group must have a > gidNumber inside the 'SAMDOM' range. > > Rowland >