similar to: Samba4 as DC, idmapping with different backend?

On Mon, 10 Jul 2017 14:17:42 +1000 Tom Robinson via samba <samba at lists.samba.org> wrote: > Hi, > > I've done a classic upgrade to from samba 3.6.23 to samba 4.6.5 > bringing across all the user accounts. The samba 3.6.23 we set up > with smbldap as an NT Domain with OpenLDAP. After a lot of effort the > classic upgrade worked well but now I'm a bit stuck with

I have a classic domain. The PDC and BDC are Samba 3.6.25 on Solaris 11. I have two domain members also Samba 3.6.25 on Solaris 11. I have two domain members that are samba 4.1.17 on Fedora Core 21. LDAP backend for unix and samba accounts. in smb.conf on member servers idmap config * : backend = tdb idmap config * : range = 5000-6000 idmap config MYDOMAIN

On 07/11/15 02:29, Jonathan Hunter wrote: > Hi, > > Resurrecting an older thread, but this same problem has just > re-occurred following a recent upgrade from 4.2.2 to 4.3.1. > > When this issue occurs, I can't access various files on my server > (whether sysvol or other shares) - this seems to be down to incorrect > UID mappings. I am using rfc2307 to set my UIDs, but

On 10 May 2015 at 16:11, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > OK, I've got a little further and I think I have tracked this down to > a reverse DNS issue - which was non-obvious to me, so here is a > write-up for the benefit of the archives. Just to close this off - I have now got sssd configured and working on my Samba4 DCs (well, if I'm being picky, I have it

On Sat, 2015-02-21 at 20:05 +0000, Miguel Medalha wrote: > I just came to the conclusion that the rid backend has been very much > underappreciated. Too much mental inertia about how things used to be > made? > > After strugling for two days to configure a member server against a > Samba Active Directory with the ad/RFC2307 backend, I turned to the > rid backend and voil!

On 10/07/17 17:05, Rowland Penny via samba wrote: > On Mon, 10 Jul 2017 14:17:42 +1000 > Tom Robinson via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> I've done a classic upgrade to from samba 3.6.23 to samba 4.6.5 >> bringing across all the user accounts. The samba 3.6.23 we set up >> with smbldap as an NT Domain with OpenLDAP. After a

Hi David, > Just to clarify, is it only the DC that doesn't return desired values of HomeDirectory and Shell? Yes, it is only the DC that doesn't pull HomeDirectory and Shell via rfc2307. (when using winbindd) Member servers with winbindd do pull the desired values without problems, I have it setup like this and it works without problems. I have only two ideas to solve your problem:

Hello there, we are just in process of upgrading a samba3 Domain to an AD with samba4. We are testing the setup in VMs. We have done the upgrade and have two DCs running just fine. We now joined one of our "old" machines to the domain as member. The idmap of the domain users are OK they are resolved locally with sssd-ad. The BUILTIN groups are different on the member server. Is this a

Am 22.02.2015 um 02:18 schrieb Andrew Bartlett: > On Sat, 2015-02-21 at 20:05 +0000, Miguel Medalha wrote: >> I just came to the conclusion that the rid backend has been very much >> underappreciated. Too much mental inertia about how things used to be >> made? >> >> After strugling for two days to configure a member server against a >> Samba Active Directory

On 14/06/15 03:20, Jonathan Hunter wrote: > Thank you Rowland - really clear example and explanation. > > From your example, this is what I would see, once the RFC2307 > attributes had been added: > > root at testdc2:~# getent passwd user2 > user2:*:3000015:10000:Jane Doe:/home/SAMBADOM/user2:/bin/false > root at testdc2:~# net cache flush > root at testdc2:~# getent

On 4 June 2015 at 17:25, buhorojo <buhorojo.lcb at gmail.com> wrote: > On 04/06/15 16:58, Roel van Meer wrote: >> >> I think the reason might be this: >> - You are using "idmap_ldb:use rfc2307" in your Samba config, which means >> that Samba will use the ID's specified in the unix attributes in your AD >>[...] >> > No, we don't

Hi, I'm sorry for the long email but I tried to put any informations useful to solve the problem I'm trying to use classicupgrade to migrate a samba3 server that use local user and tdb files on a test CentOS 6.5 VM with samba 4.1.5 builded from sources My goal is to migrate users and data and then admin the imported user via Microsoft RSAT tools without have to create local user on Centos

On 04/06/15 16:58, Roel van Meer wrote: > Hi Jonathan, > > I think the reason might be this: > - You are using "idmap_ldb:use rfc2307" in your Samba config, which > means that Samba will use the ID's specified in the unix attributes in > your AD (uidNumber, gidNumber). > - You are using "ldap_id_mapping = True" in sssd.conf, which means > that

On 09/05/15 18:20, Jonathan Hunter wrote: > Hi, > > I have a query about the use of sssd on a Samba4 DC. Background is as follows: > > I have two DCs and would like to synchronise files between the two > machines. This is for sysvol replication - I am using lsyncd ( > https://code.google.com/p/lsyncd/ ) to trigger an rsync whenever files > change. > > However I have

Guilherme Boing, on 19 Aug 2015 14:31 you wrote: > I just noticed that my fresh install of Samba 4.2.3 has the same behaviour. Did you get a solution? Odd, but this topic doesn't seem to be getting much traction. I wonder what people are using Samba4 for. Outside of hard-cord samba-junkies who love spending hours testing all kinds of esoteric features, I think most serious Samba4 AD/DC

Hi Jonathan, I think the reason might be this: - You are using "idmap_ldb:use rfc2307" in your Samba config, which means that Samba will use the ID's specified in the unix attributes in your AD (uidNumber, gidNumber). - You are using "ldap_id_mapping = True" in sssd.conf, which means that sssd will map uid and gid from the objectSID attribute. I think if you set

Hi, I know there've been some workarounds on this topic, however I'm missing the reason for winbind to behave differently on a DC and on a member server (I also had to work around that problem and I'd really like it fixed). If there's a technical reason for it, it'd be nice to know about it. If there isn't, then it's just a bug that should be fixed. Could someone of

On 10/12/14 18:58, Tim wrote: > At the moment numbers start at 3000000 and counting. In my eyes it > would make sense, that these number be stored in the AD when > provisioned with rfc2307. Or it should be replicated by drs. The numbers you are seeing are coming from idmap.ldb, now as you are using Sernet packages on Centos7, this will be in /var/lib/samba/private/idmap.ldb. The

I have a samba4 Domain Controller, there are no other samba4 domain member servers in the network, there is one other samba 3 member server in the network. I've setup the DC with: idmap_ldb:use rfc2307 = yes On the samba4, do we use the idmap attributes? # idmap config * : backend = tdb # idmap config * : range = 70001-999999 # idmap config IAPP : backend = ad #

Oooo!! You may have something there! I don't know whether these users are in the admin group, but they could be. I have been messing around with admin priv in order to allow users to be admins on their own workstations. I've got a Group Policy method with computer startup script and have also created a login on the user's workstation with the same name as the user, but as local