similar to: Winbind on AD DC not honoring rfc2307 gid entries

On 27/05/16 17:44, Data Control Systems - Mike Elkevizth wrote: > Hi, > > I have a somewhat complicated Samba AD DC setup with four remote site AD > DCs (connected via VPN). These DCs also act as file servers (yes, I read > the warning in the documentation, but we don't have the resources to add > separate file servers at each site and we would like each server to be a DC

On 14/06/16 17:00, Carlos A. P. Cunha wrote: > Correcting previous email > > > Hello! > Own two Dcs Samba 4.4, this all OK, but ids are different: > > > Example DC1: > id tr005 > uid = 3000039 (TESTELOCAL \ tr005) gid = 100 (users) groups = 100 > (users), 3000039 (TESTELOCAL \ tr005), 3,000,009 (BUILTIN \ users) > > Example DC2: > id tr005 > uid =

Hi Samba team ! I have some conflicts between uid stored in the rfc2307 attributes and some local uid from idmap.ldb My network : ------------------ I have three samba AD DC with sysvol replication. Sadly, as I don't have some other machines, the three DC also share my user's Home and Profile directories. So I need at least : -> Builtin User/Group ID mapping between DCs (easy) ->

That's one things to add schema in your AD, that's another thing to use that schema. Adding schema for rfc2307 in AD grant you possibility to set uidNumber, gidNumber, loginShell and others attributes to your AD users. That grant you that possibility but you are free to use that possibility. Next step is to define xidNumber to your users. 2016-06-14 18:31 GMT+02:00 Carlos A. P. Cunha

Hello! Own two Dcs Samba 4.4, this all OK, but ids are different: Example DC2: id tr005 uid = 3000039 (TESTELOCAL \ tr005) gid = 100 (users) groups = 100 (users), 3000039 (TESTELOCAL \ tr005), 3,000,009 (BUILTIN \ users) Example DC2: id tr005 uid = 3000023 (TESTELOCAL \ tr005) gid = 100 (users) groups = 100 (users), 3000023 (TESTELOCAL \ tr005), 3,000,001 (BUILTIN \ users) My smb.conf is the

On Tue, Dec 2, 2014 at 11:15 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote: > >> Doh, I missed that, well spotted Steve. > > Do not alter idmap.ldb, leave it alone, use RFC2307 attributes where > possible and join my campaign to get winbindd to pull all the attributes :-D > So, the xidNumber isn't needed? I'm going to be use SSSD for local auth,

On 02/12/14 09:29, Greg Zartman wrote: > > I think I've finally got this all sorted out. After I setup a user using > samba-tool user create, I'll pull the RID for this new user and then set > the UID/GID = RID + 3000. I'll then set xidNumber = UIDNumber(GIDNumber), > as appropriate. I'd recommend using only 1 database for all your users (AD) and leave

On 30/01/15 16:55, Hans-Kristian Bakke wrote: > I still do not follow you. An additional reason for including > administrator in the first place, not including that I actually want > it to work against the linux boxes like every other domain user, was > because winbind returns the exact same mapping when using idmap > backend RID with range 300000-499999 (i.e not rfc2307 attributes)

Hi Rowland, On 5 June 2015 at 12:14, Rowland Penny <rowlandpenny at googlemail.com> wrote: > So I take it that when you provisioned the domain, you didn't use > '--use-rfc2307' Correct > OK, you now have the same result, so it should work as if you had used > '--use-rfc2307' Yup - and indeed it works on the second DC. > You have two problems here, well

Yup, strange - right! Samba 4.2.2 RFC2307 attributes were added as follows: # sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g' \ -e 's/${NETBIOSNAME}/MYDOMAIN/g' \ -e 's/${NISDOMAIN}/MYDOMAIN/g' \ /usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif # service samba4 stop # ldbmodify -H

On 30/01/15 17:29, Hans-Kristian Bakke wrote: > On one of your DCs? As in you run Samba for your DCs? > > This thread was using Server 2012 R2 as DCs, and that was what my > response was aimed at. I am also using Server 2012 R2 for DCs. In this > case the Administrator is "just a user" seen from the linux boxes. > That Administrator is assigned a root-role in a Samba DC

On 13/06/15 11:00, Jonathan Hunter wrote: > On 13 June 2015 at 09:34, buhorojo <buhorojo.lcb at gmail.com> wrote: >>> On 12 June 2015 at 08:55, Jonathan Hunter <jmhunter1 at gmail.com> wrote: >>> Sadly, even though sssd is now running and I'm no longer reliant on >>> winbind, the rest of samba doesn't seem to be taking notice of these >>>

On 10/09/2016 02:51 AM, Rowland Penny via samba wrote: > Have you by any chance got another 3001108 'xidNumber' in idmap.ldb ? > If you give a user a 'uidNumber' attribute, the contents of this will be > used instead of the 'xidNumber' in idmap.ldb, hence you do not need to > (and probably shouldn't) use numbers in the '3000000' range. I managed to

On Sat, 14 Jan 2017 17:09:47 +0000 Jonathan Hunter via samba <samba at lists.samba.org> wrote: > Hi All, > > Trying to avoid making this into a "Me too" response :) but this is > the single largest issue I have with Samba at the moment, I've > struggled with this for literally years, both before I switched to > rfc2307 (which did help in many areas) and

Hi Rowland, On 27 May 2017 11:39: > Hmm, you mention: > > 'idmap_ldb:use rfc2307 = yes' and 'xidNumber' > > Is this on a DC or a Unix domain member ? This is on a DC. I only have two centOS7 AD DC's in my environment.. Tim

On 01/12/14 19:16, steve wrote: > On 01/12/14 19:30, Rowland Penny wrote: >> On 01/12/14 18:23, steve wrote: >>> On 01/12/14 19:11, Rowland Penny wrote: >>>> On 01/12/14 17:46, steve wrote: >>>>> On 01/12/14 18:25, Rowland Penny wrote: >>>>>> On 01/12/14 17:16, steve wrote: >>>>>>> On 01/12/14 18:11, Rowland Penny

On Thu, 2016-10-27 at 17:23 -0200, Vinicius Bones Silva via samba wrote: > Hi Rowland, > >      Just to let you know, we removed all the idmap entries we had on > the smb.conf of our  > two DCs and the ids reported by getent passwd at the DCs were in the > 3.000.000 range, as  > you said. We had to add back 'idmap_ldb:use rfc2307 = yes' to get the > user listing

On 10/20/2017 05:48 PM, Rowland Penny via samba wrote: >> So I tried what is suggested in this thread: >> https://lists.samba.org/archive/samba/2016-April/thread.html#199609 > > I really should have said there that using '513' wasn't a good idea ;-) ok I'll revert to 100 ;-) > The only way to get the same IDs everywhere is to use the winbind >

Hello I had a problem with different group IDs on my two DCs. They have both Version 4.7.6-Ubuntu and use the RFC2307 scheme. The first DC showed the group-IDs 200xx that I gave in the AD. The second DC gave the ID 100 to Domain Users and other 200xx IDs to the groups. To could solve the problem: ?1. I gave Unix UIDs to all users and GIDs to groups in the Active Directory with RSAT ?2. I

On 07/11/15 17:47, Jonathan Hunter wrote: > On 7 November 2015 at 17:01, Michael Adam <obnox at samba.org> wrote: >> Also, for all I know, the DC always has local unix user and group >> IDs, and does NOT use the rfc2307 attributes for this. (Unless >> this has changed recently, but I can't imagine how.) So there is >> nothing wrong with samba not using the rfc