similar to: Samba 4 two DCs no matching UID/GID

But will this idmap.ldb change work for upcoming new users or groups so that uid/gid will not be different? The wiki tells us about built-in groups. Those have the right ids. Am 9. Dezember 2014 23:03:44 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 09/12/14 21:07, Tim wrote: >> Hello all, >> >> I have a fresh install of two CentOS 7 machines. On

I found this. But I didn't find it related to DC idmapping replication. I have two pieces of hardware. My goal is realize an active directory for the windows clients and a file server. The AD should have redundancy (this is why I provisioned two DCs). The file should integrate snapshots like a NetApp system (snapshots are done by rsnapshot). The snapshot functionality works so far by mounting

I think I will only need uid and gid due to fs stuff. There are only Windows clients in that domain. So when the IDs are the same on both DCs, all will be fine I think. In RSAT there are no Unix attributes set. As an example: user1 has uid 3000021 on DC1 (first provisioned one). DRS seems fine. On DC2 user1 gets uid 3000017. If I set ID in RSAT Unix attributes after choosing domain, the IDs

I will try this tomorrow. Possibly this is my fix. When a domain is provisioned with rfc2307 it would make sense that Unix attributes especially uid/gid would automatically be set. A member also needs this to be set for unique fs acls right? Am 10. Dezember 2014 18:07:02 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 10/12/14 16:33, Tim wrote: >> I think I will

At the moment numbers start at 3000000 and counting. In my eyes it would make sense, that these number be stored in the AD when provisioned with rfc2307. Or it should be replicated by drs. https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Configuring_RFC2307_and_NIS_Extensions_in_a_Samba_AD says the following: No need for manual ID counting when using the default Microsoft tools. E. g.

Thanks for your answer and time you offer for me. That makes it a bit clearer. I searched the web and found that rsat needs to have the nis tools installed. Does it create Unix uid/gid automatically then? Without rfc2307 information it makes no sense to me to have a *nix machine for file services and another one for backup purposes, when uid and gid are not same (due to preserve acls). And for

Am 10. Dezember 2014 22:26:52 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 10/12/14 21:05, Tim wrote: >> Thanks for your answer and time you offer for me. That makes it a bit > >> clearer. >> >> I searched the web and found that rsat needs to have the nis tools >> installed. > >Good luck with trying to install 'Service for

Thanks for your advice regarding modifying the ldb. Before I do that I have to tell that uids and gids are automatically assigned in ADUC Unix tab. All have to do is to choose the NIS domain. After changing this field all other Unix attributes are automatially filled in. So this works. I tried something different for testing: I added a user with samba-tool using a script and assigned a random

On 10/12/14 12:21, rintimtim at gmx.net wrote: > Thanks for the advice of copying the idmap.ldb. That works. > After adding zum users the uid and gid begin to differ again. I read > that it is not recommended to run a DC as a fileserver but in my case > it's not really an option. It's a network of twelve clients, so four > servers are incommensurate to this amount of

On 10/12/14 14:39, Tim wrote: > I found this. But I didn't find it related to DC idmapping replication. > > I have two pieces of hardware. My goal is realize an active directory > for the windows clients and a file server. The AD should have > redundancy (this is why I provisioned two DCs). The file should > integrate snapshots like a NetApp system (snapshots are done by

---------- Forwarded message ---------- From: Dania Ramirez Moya <dania181087 at gmail.com> Date: Fri, 9 Jan 2015 12:12:18 -0500 Subject: Samba 4 two DCs no matching UID/GID To: samba <samba at lists.samba.org> Hello list: I have a install of two Debian7 machines with samba 4.1.7. On DC1 I made a domain provision with --use-rfc2307. On DC2 I made a join as DC exactly as

On 10/12/14 16:33, Tim wrote: > I think I will only need uid and gid due to fs stuff. There are only > Windows clients in that domain. > So when the IDs are the same on both DCs, all will be fine I think. > > In RSAT there are no Unix attributes set. As an example: user1 has uid > 3000021 on DC1 (first provisioned one). DRS seems fine. On DC2 user1 > gets uid 3000017. >

What if I use uidNumber to avoid messing up with idmap.ldb? In the first domain controller works fine, ignores idmap and use uidNumber, but this attribute is not being replicated when a new user is created. I explain myself a little deeper: 1-I have an AD DC, all users contain uidNumber. "wbinfo -i user" returns uidNumber as expected. 2-I join a second DC. LDAP is replicated

On 10/12/14 17:30, Tim wrote: > I will try this tomorrow. Possibly this is my fix. > > When a domain is provisioned with rfc2307 it would make sense that > Unix attributes especially uid/gid would automatically be set. This is a common misconception, it does not happen, one reason being, what number do you start at ?? > > A member also needs this to be set for unique fs acls

On 09/12/14 21:07, Tim wrote: > Hello all, > > I have a fresh install of two CentOS 7 machines. On DC1 I made a domain provision with --use-rfc2307. In DC2 I made a join as DC - both exactly as the wiki advised. > > In fact of its missing I added the idmap use rfc2307 yes parameter to smb.conf. > > I will have an extra share on both DCs. > > Today I realized, that wbinfo

On 10/12/14 18:58, Tim wrote: > At the moment numbers start at 3000000 and counting. In my eyes it > would make sense, that these number be stored in the AD when > provisioned with rfc2307. Or it should be replicated by drs. The numbers you are seeing are coming from idmap.ldb, now as you are using Sernet packages on Centos7, this will be in /var/lib/samba/private/idmap.ldb. The

On 10/12/14 21:05, Tim wrote: > Thanks for your answer and time you offer for me. That makes it a bit > clearer. > > I searched the web and found that rsat needs to have the nis tools > installed. Good luck with trying to install 'Service for NIS', it installs on a windows AD DC, you haven't got a windows AD DC, you have a Samba AD DC and guess what, it already

On 10/12/14 21:53, Tim wrote: > > Am 10. Dezember 2014 22:26:52 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >> On 10/12/14 21:05, Tim wrote: >>> Thanks for your answer and time you offer for me. That makes it a bit >>> clearer. >>> >>> I searched the web and found that rsat needs to have the nis tools >>> installed.

I understood what have explained. All is fine so far. For my environment I need these ids to be stored to the directory (except for built-in groups) due to file services and today I found a way to write the ids to the directory. I only have Windows client so that other rfc2307 information's like shell etc will not really matter. But ids are important for setting right acls in the filesystem.

On 11/12/14 13:21, rintimtim at gmx.net wrote: > I think for now, uid and gid would be enough, when these would be automatically set without the need of enabling nis domain in unix tab. Just because it is import to unix based fileservers. Every uid and gid would be replicated and available on every DC. ID-mapping would not be neccessary when using rfc2307. Using rfc2307 attributes **IS*