samba - May 2023 - ACL permissions on 2 Servers

Hi,

I have 2 Servers with samba 4.17 compiled and sincronzid. The too work as file
server as well. The contente of the file server os in mirror with drbd.  When
the server01 is shutdown and server02 start t? work It show ALL the users and
groups folders correctly but without access for the users in the Windows clients
members.

I know that It is recommended to use another member server as file server so
that It is isolated of the DC but that's not possible today.

The file server storage os with 4TB used.

Obter o Outlook para Android<https://aka.ms/AAb9ysg>

On 21/05/2023 14:56, Elder Rodrigues via samba wrote:
> Hi,
> 
> I have 2 Servers with samba 4.17 compiled and sincronzid. The too work as
file server as well. The contente of the file server os in mirror with drbd. 
When the server01 is shutdown and server02 start t? work It show ALL the users
and groups folders correctly but without access for the users in the Windows
clients members.
> 
> I know that It is recommended to use another member server as file server
so that It is isolated of the DC but that's not possible today.
OK, do it tomorrow then :-)
> 
> The file server storage os with 4TB used.
> 
Using a DC as a fileserver isn't recommended for many reasons and you 
seem to have found at least one of them.

I think you may be hitting the problem that a user or group will very 
probably not get the same Unix ID on both DC's. This is because a DC 
issues ID's on first come basis.

You need to ensure that idmap.ldb is synced between the two DC's

It will also probably be a good idea to run a VM with a Unix domain 
member in it on both DC's (if you are going to keep turning a DC off).

Rowland