samba - Aug 2019 - id mapping on a dc+file server

On 10/08/2019 09:34, Stefan G. Weichinger via samba
wrote:
> Am 10.08.19 um 09:49 schrieb Rowland penny via samba:
>> On a DC, as standard, the numeric IDs are allocated on a first come
>> basis from the '3000000' range.
>>
>> On Unix domain members it depends on two things, which winbind backend
>> you use, linked with the Domain range set in AD, the examples on the
>> Samba wiki use '10000-999999'
> What is the reason for these decisions? Why don't DCs and DMs
"behave"
> the same?
>
>
I wasn't party to these decisions, but I think Samba at one point 
planned to provision member servers (in fact the code is still there, 
but doesn't actually work), if this had worked, perhaps we would all be 
using numeric IDs in the '3000000' range.

As I said, you can get DCs and Unix domain members to work similarly by 
using the 'ad' backend, but even here there are problems, you can only 
get the IDs from AD on a DC.

Rowland

Current plan : add a third DC, make dc2 a dm file server. Best solution
imo.

Am 10. August 2019 10:47:39 MESZ schrieb Rowland penny via samba
<samba at lists.samba.org>:

    On 10/08/2019 09:34, Stefan G. Weichinger via samba wrote:

        Am 10.08.19 um 09:49 schrieb Rowland penny via samba:

            On a DC, as standard, the numeric IDs are allocated on a
            first come
            basis from the '3000000' range.

            On Unix domain members it depends on two things, which
            winbind backend
            you use, linked with the Domain range set in AD, the
            examples on the
            Samba wiki use '10000-999999'

        What is the reason for these decisions? Why don't DCs and DMs
        "behave"
        the same?


    I wasn't party to these decisions, but I think Samba at one point
  planned to provision member servers (in fact the code is still there,
    but doesn't actually work), if this had worked, perhaps we would all
be     using numeric IDs in the '3000000' range.

    As I said, you can get DCs and Unix domain members to work similarly
by     using the 'ad' backend, but even here there are problems, you can
only     get the IDs from AD on a DC.

    Rowland



-- 
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail
gesendet.

Hai Stefan, 

Why make DC2 a member?? 
Leave it as is, setup a new member, much better, and i'll bet less
work/stress.

If you current member is a virtual server, follow these setups. 
Pick a source server. 

Disable samba + winbind for starting up. 
Stop samba + winbind. 
Then down the member. 
!!! THIS ORDER !!! 

Copy the virtual.
Start the new virtual.  
Change smb.conf and correct the hostname/ipnumbers to the new name. 
^^^^^^^^^^^^^^^^^^^^^^^^^ 
DO THIS FIRST. 

If you forget that, then your source member will get errors. 
So dont forget that. ! 

https://wiki.debian.org/HowTo/ChangeHostname
^^ follow it and change the /ip/hostnames where needed. 

Cleanup /var/*(lib,cache)/samba 
Reboot 

And rejoin samba now as normal. 
! You can do this also with DC2 as base, but thats up to you to assess what is
the best option for you.

And dont forget to enable samba startup again on the vm's 


Greetz, 

Louis


 
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefan G. Weichinger via samba
> Verzonden: zaterdag 10 augustus 2019 18:30
> Aan: samba
> Onderwerp: Re: [Samba] id mapping on a dc+file server
> 
> Current plan : add a third DC, make dc2 a dm file server. 
> Best solution
> imo.
> 
> Am 10. August 2019 10:47:39 MESZ schrieb Rowland penny via samba
> <samba at lists.samba.org>:
> 
>     On 10/08/2019 09:34, Stefan G. Weichinger via samba wrote:
> 
>         Am 10.08.19 um 09:49 schrieb Rowland penny via samba:
> 
>             On a DC, as standard, the numeric IDs are allocated on a
>             first come
>             basis from the '3000000' range.
> 
>             On Unix domain members it depends on two things, which
>             winbind backend
>             you use, linked with the Domain range set in AD, the
>             examples on the
>             Samba wiki use '10000-999999'
> 
>         What is the reason for these decisions? Why don't DCs and DMs
>         "behave"
>         the same?
> 
> 
>     I wasn't party to these decisions, but I think Samba at one point
>   planned to provision member servers (in fact the code is 
> still there,
>     but doesn't actually work), if this had worked, perhaps 
> we would all
> be     using numeric IDs in the '3000000' range.
> 
>     As I said, you can get DCs and Unix domain members to 
> work similarly
> by     using the 'ad' backend, but even here there are 
> problems, you can
> only     get the IDs from AD on a DC.
> 
>     Rowland
> 
> 
> 
> -- 
> Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail
> gesendet.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

Am 12.08.19 um 17:07 schrieb L.P.H. van Belle via samba:
> Hai Stefan, 
> 
> Why make DC2 a member?? 
> Leave it as is, setup a new member, much better, and i'll bet less
work/stress.
In fact it's even DC1 but anyway: because of the hardware. Specific RAID
arrays etc needed for backups and snapshots.