On 8/17/2020 7:59 AM, Rowland penny via samba wrote:
> Could it be that 'username' doesn't have a uidNumber ?
>
>

Well, when I run "id [username]" on the DC, I get a "uid=3000013(SUBDOM\[username])" and "gid=10000", etc.

When I run "id [username]" on the member server (mbr04) I get "id: 'SUBDOM\[username]': no such user".

--
Bob Wooden

On 17/08/2020 14:13, Robert E. Wooden via samba wrote:
> On 8/17/2020 7:59 AM, Rowland penny via samba wrote:
>> Could it be that 'username' doesn't have a uidNumber ?
>>
>>
> Well, when I run "id [username]" on the DC, I get a
> "uid=3000013(SUBDOM\[username])" and "gid=10000", etc.
>
> When I run "id [username]" on the member server (mbr04) I get "id:
> 'SUBDOM\[username]': no such user".
>
>

The '3000013' is not a uidNumber, it is an 'xidNumber' and these are only used on a DC and unless you sync 'idmap.ldb' from the first DC to all other DC's, you cannot guarantee getting the same ID on all DC's

uidNumber attributes are not added automatically, you must add them manually, same goes for gidNumber attributes.

Rowland

On 8/17/2020 8:21 AM, Rowland penny via samba wrote:
> The '3000013' is not a uidNumber, it is an 'xidNumber' and these are
> only used on a DC and unless you sync 'idmap.ldb' from the first DC to
> all other DC's, you cannot guarantee getting the same ID on all DC's
>
> uidNumber attributes are not added automatically, you must add them
> manually, same goes for gidNumber attributes.
>

I am not arguing with you because I think you're correct (you usually are).

I manually added the "Domain Users" group id (10000) with samba-tool (samba-tool group addunixattrs "Domain Users" 10000, I think without looking through my notes) some time ago.

The member smb.conf has "idmap config WKDOM : range = 10000-999999" and gid started with 10000, should uid start at (for example) 10001 (for first user to be mapped) and increase sequence (+1 as in 10002) for subsequent users? (Adding uid & gid manually, I am aware that I will need to keep a record of these.)

Guidelines you can point me to or confirm I am correct here?

--
Bob Wooden