Rowland Penny
2024-May-17 16:10 UTC
[Samba] Sync samba machine account between different samba versions - 4.1 to 4.15
On Fri, 17 May 2024 12:36:33 -0300 Gilberto Ferreira via samba <samba at lists.samba.org> wrote:

> Hi there.
> I have two samba servers, let's say srv01 and srv02. For that matter,
> both are Zentyal Server 4 and 8, respectively.
> In the srv01 there is samba version 4.1, which is in the network
> 182.168.200.0/24, and which is by the way also the gateway to both
> networks. In the srv02 there is samba version 4.15, which is in the
> DMZ network 10.10.100.0/24
> The first is an additional controller for the second.
> Everything is working fine, except for machine sync.
> Let me explain:
> - Between these two samba servers, I have a Windows 2022 server. I
> was able to put Windows 2022 in the samba domain without any
> problems, which was a bit of a surprise to me, since I always used to
> install SMB1v and SMB2v, first and then add the Windows server into
> the samba domain.
> - I can log in to the Windows 2022 server using the domain account
> created in the server with samba 4.15
> - In fact users created in both samba servers appear on both servers.
> - With pdbedit --list I can see the following:
> srv01:
> pdbedit --list
> ...
> ...
> SRV01$:4294967295:SRV01$
> SRV02$:4294967295:
> WINSRV01$:4294967295:
> srv02:
> pdbedit --list
> ...
> ...
> SRV01$:3000020:SRV01$
> SRV02$:3000022:
>
> As you can see, the windows 2022 server was added in the srv01, which
> has samba 4.1.17 and does not appear in srv02, which has samba
> 4.15.13. Based on that, I wonder if this is something to do with
> these different versions, before I seek some help with the Zentyal
> guys. And I wonder if there is any way to force a sync between the
> two samba servers, in regard to the samba machines account.
>
> Thanks in advance.
>
> ---
> Gilbert

I think you may have to ask Zentyal about this, whilst '3000020' is in the expected format (Samba DCs use IDs in the 3000000 range unless you add uidNumber & gidNumber attributes), '429467295' isn't.

It is expected that different DCs will have different IDs for users, groups and computers, they are issued on each DC on a 'first-come-basis', for this reason you have to sync idmap.ldb between DCs.

I feel I should point out that I wouldn't even put an RODC in a DMZ, but hey, it is your domain.

Rowland
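
Added example, not part of the original posts: a small Python script that compares `pdbedit --list` output captured on two DCs and reports machine accounts that are missing on one side, that show 4294967295 (2^32 - 1, an unsigned -1), or whose IDs differ between the DCs. The sample listings are constructed from the lines quoted in the thread; reading 4294967295 as "no usable ID on this DC" is an assumption, and the function and variable names are illustrative.

```python
# Added example: compare `pdbedit --list` output captured on two DCs.
# SRV01 / SRV02 are constructed from the lines quoted in the thread.
UNMAPPED = 0xFFFFFFFF  # 4294967295 == 2**32 - 1; assumed to mean "no usable ID"

SRV01 = """\
...
SRV01$:4294967295:SRV01$
SRV02$:4294967295:
WINSRV01$:4294967295:
"""
SRV02 = """\
...
SRV01$:3000020:SRV01$
SRV02$:3000022:
"""

def parse_listing(text):
    """Return {account: id} from 'name:id:fullname' lines; skip anything else."""
    accounts = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) < 2 or not parts[1].isdigit():
            continue  # blank lines, '...' elisions, warnings
        accounts[parts[0]] = int(parts[1])
    return accounts

def compare(a, b, name_a="srv01", name_b="srv02"):
    """Return (account, finding) pairs for the two parsed listings."""
    findings = []
    for acct in sorted(set(a) | set(b)):
        for name, listing in ((name_a, a), (name_b, b)):
            if acct not in listing:
                findings.append((acct, f"missing on {name}"))
            elif listing[acct] == UNMAPPED:
                findings.append((acct, f"no usable ID on {name}"))
        # Only compare real IDs; differing values mean idmap.ldb is not in sync.
        ids = {l[acct] for l in (a, b) if l.get(acct, UNMAPPED) != UNMAPPED}
        if len(ids) > 1:
            findings.append((acct, "IDs differ between DCs"))
    return findings

if __name__ == "__main__":
    for acct, issue in compare(parse_listing(SRV01), parse_listing(SRV02)):
        print(f"{acct:12} {issue}")
```
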
Gilberto Ferreira
2024-May-17 16:17 UTC
[Samba] Sync samba machine account between different samba versions - 4.1 to 4.15
>> I think you may have to ask zentyal about this

Yeah! You are probably right about that. I just ask for the sake of somebody to come up with some command to do the job.

>> I feel I should point out that I wouldn't even put an RODC in a DMZ, but
>> hey, it is your domain.

Yeah! Just playing around with this. No production env or domain.

Thanks anyway
---
Gilbert