Gilberto Ferreira
2024-May-17 15:36 UTC
[Samba] Sync samba machine account between diffent samba versions - 4.1 to 4.15
Hi there. I have two samba servers, let's say srv01 and srv02. For that matter, both are Zentyal Server 4 and 8, respectively. In the srv01 there is samba version 4.1, which is in the network 182.168.200.0/24, and which is by the way also the gateway to both network. In the srv02 there is samba version 4.15, which is in the DMZ network 10.10.100.0/24 The first is an additional controller for the second. Everything is working fine, except for machine sync. Let me explain: - Between these two samba servers, I have a Windows 2022 server. I was able to put Windows 2022 in the samba domain without any problems, which was a bit of surprise to me, since I always used to install SMB1v and SMB2v, first and then add the Windows server into the samba domain. - I can log in into the Windows 2022 server using the domain account created in the server with samba 4.15 - In fact users created in both samba servers appear on both servers. - With pdbedit --list I can see the following: srv01: pdbedit --list ... ... SRV01$:4294967295:SRV01$ SRV02$:4294967295: WINSRV01$:4294967295: srv02: pdbedit --list ... ... SRV01$:3000020:SRV01$ SRV02$:3000022: As you can see, the windows 2022 server was added in the srv01, which has samba 4.1.17 and does not appear in srv02, which has samba 4.15.13. Based on that, I wonder if this is something to do with these different versions, before I seek some help with the Zentyal guys. And I wonder if there is any way to force a sync between the two samba servers, in regard to the samba machines account. Thanks in advance. --- Gilbert
Rowland Penny
2024-May-17 16:10 UTC
[Samba] Sync samba machine account between diffent samba versions - 4.1 to 4.15
On Fri, 17 May 2024 12:36:33 -0300 Gilberto Ferreira via samba <samba at lists.samba.org> wrote:> Hi there. > I have two samba servers, let's say srv01 and srv02. For that matter, > both are Zentyal Server 4 and 8, respectively. > In the srv01 there is samba version 4.1, which is in the network > 182.168.200.0/24, and which is by the way also the gateway to both > network. In the srv02 there is samba version 4.15, which is in the > DMZ network 10.10.100.0/24 > The first is an additional controller for the second. > Everything is working fine, except for machine sync. > Let me explain: > - Between these two samba servers, I have a Windows 2022 server. I > was able to put Windows 2022 in the samba domain without any > problems, which was a bit of surprise to me, since I always used to > install SMB1v and SMB2v, first and then add the Windows server into > the samba domain. > - I can log in into the Windows 2022 server using the domain account > created in the server with samba 4.15 > - In fact users created in both samba servers appear on both servers. > - With pdbedit --list I can see the following: > srv01: > pdbedit --list > ... > ... > SRV01$:4294967295:SRV01$ > SRV02$:4294967295: > WINSRV01$:4294967295: > srv02: > pdbedit --list > ... > ... > SRV01$:3000020:SRV01$ > SRV02$:3000022: > > As you can see, the windows 2022 server was added in the srv01, which > has samba 4.1.17 and does not appear in srv02, which has samba > 4.15.13. Based on that, I wonder if this is something to do with > these different versions, before I seek some help with the Zentyal > guys. And I wonder if there is any way to force a sync between the > two samba servers, in regard to the samba machines account. > > Thanks in advance. > > --- > GilbertI think you may have to ask zentyal about this, whilst '3000020' is in the expected format (Samba DCs uses IDs in the 3000000 range unless you add uidNUmber & gidNumber attributes), '429467295' isn't. it is expected that different DCs will have different IDs for users, groups and computers, they are issued on each DC on a 'first-come-basis', for this reason you have to sync idmap.ldb between DCs. I feel I should point out that wouldn't even put an RODC in a DMZ, but hey, it is your domain. Rowland