On 17/08/2020 14:35, Robert E. Wooden via samba wrote:> On 8/17/2020 8:21 AM, Rowland penny via samba wrote:
>> The '3000013' is not a uidNumber, it is an 'xidNumber'
and these are
>> only used on a DC and unless you sync 'idmap.ldb' from the
first DC
>> to all other DC's, you cannot guarantee getting the same ID on all
DC's
>>
>> uidNumber attributes are not added automatically, you must add them
>> manually, same goes for gidNumber attributes.
>>
> I am not arguing with you because, I think your correct (you usually
> are).
>
> I manually added the "Domain Users" group id (10000) with
samba-tool
> (samba-tool group addunixattrs "Domain Users" 10000, I think
without
> looking thru my notes) some time ago.
>
> The member smb.conf has "idmap config WKDOM : range =
10000-999999"
> and gid started with 10000, should uid start at (for example) 10001
> (for first user to be mapped) and increase sequence (+1 as in 10002)
> for subsequent users?
>
> (Adding uid & gid manually, I am aware that I will need to keep a
> record of these.)
>
> Guide lines you can point me to or confirm I am correct here?
>
Mostly you are correct, but 'user' != 'group' or to put it
another way,
you can use the same range for users and groups (in fact you have to),
so just add the uidNumber '10000' to 'username' on the DC and
then see
if getent can find the user on the Unix samba member, you should get
something like this:
getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
Rowland