Displaying 20 results from an estimated 30000 matches similar to: "id mapping on a dc+file server"
2019 Aug 09
3
id mapping on a dc+file server
Thanks for your answer. It is clearer now for me.
> >> It is probably a bit late to change now, but there is only one way to
> >> get the same numeric ID everywhere and that is to use the 'ad' winbind
> >> backend.
So, on the Linux clients?
> > This is why I removed the idmap config entries from the dc3 smb.conf.
> > "On a Samba Active
2019 Aug 08
0
id mapping on a dc+file server
> > Hi,
> >
> > I have a question again about my test environment. I have dc1, dc2,
> > fileserver1, and dc3. dc3 is on an another site, and is functioning as
> > fileserver too. As I read in the documentation, I cannot (shouldn't) use
> > idmap config parameters in the smb.conf on my dc3. Unfortunately, first I
> > copied that parameters too from
2016 May 27
2
Winbind on AD DC not honoring rfc2307 gid entries
Hi,
I have a somewhat complicated Samba AD DC setup with four remote site AD
DCs (connected via VPN). These DCs also act as file servers (yes, I read
the warning in the documentation, but we don't have the resources to add
separate file servers at each site and we would like each server to be a DC
because of the sometimes flaky VPN connections). We have some notebook
2019 Jul 03
5
cannot set filesystem permissions on shares
> >> Who are you logged into the Windows PC as ?
> > I log in az A\Administrator. I created an admin user, put in Domain
> > Admins group, but the result was the same (ok, it would be strange, if
> > it would work with it, instead of Administrator)
> Then you need to ensure that 'Domain Admins' has the same privilege as
> 'A\Administrator'
Ok, I
2017 Sep 26
8
Domain member server: user access
Hai Rowland,
>
> No, you haven't done anything wrong and yes the provision
> does set Domain Users to '100' in idmap.ldb.
>
Ow..
This i did not know, only wondering why its not BUILTIN\users ( how it is in windows ).
Do you know as of which version this is? Of as of start, i really never noticed this.
>
> Do not remove Domain Users, but you are correct,
2019 Sep 17
3
Sync UID/GUI between two DCs
Hello
I had a problem with different group IDs on my two DCs. They have both
Version 4.7.6-Ubuntu and use the RFC2307 scheme. The first DC showed the
group-IDs 200xx that I gave in the AD. The second DC gave the ID 100 to
Domain Users and other 200xx IDs to the groups.
To could solve the problem:
?1. I gave Unix UIDs to all users and GIDs to groups in the Active
Directory with RSAT
?2. I
2019 Jun 05
2
getent group does not list domain groups - question regarding default gidNumbers on PDC
On 6/5/19 10:06 AM, Rowland penny via samba wrote:
>>
>> Now I have problems with id mapping configuration:
>>
>> wbinfo -u works.
>> wbinfo -g works.
>> getent group does not list domain users and groups.
>>
>> I logged into PDC and checked gidNumber for "Domain Users":
>>
>> [root at site-ad ~]# wbinfo --name-to-sid
2020 Nov 03
2
ID Mapping
On 03/11/2020 13:05, O'Connor, Daniel wrote:
>
>> On 3 Nov 2020, at 23:21, Rowland penny via samba <samba at lists.samba.org> wrote:
>> On 03/11/2020 12:17, O'Connor, Daniel wrote:
>>> I tried setting uidNumber et al via the active directory editor and samba-ldbedit, however the mapping doesn't seem to change so I am wondering if it ends up stored
2017 May 27
3
idmap woes after upgrade
On 27 May 2017 12:45:
On Sat, 27 May 2017 11:02:36 +0000
Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote:
> The other lines never did anything on a DC.
Thank you, I've removed them now..
> Unless you manually add uidNumber attributes to users and gidNumber
> attributes to groups, id mapping on a DC is done in idmap.ldb and
> results in ID numbers in the 3000000
2018 Feb 16
2
idmap config ad: can't resolve domain users' uids
Il 16/02/18 13:43, Rowland Penny via samba ha scritto:
> On Fri, 16 Feb 2018 13:10:16 +0100
> Francesco Malvezzi via samba <samba at lists.samba.org> wrote:
>
>>
>> So just to recap: there were two problems:
>>
>> 1) the syntax mistake in smb.conf pointed up before;
>
> This wouldn't have helped.
>
>> 2) a logical mistake because wbinfo
2020 Nov 04
2
ID Mapping
On 04/11/2020 00:14, O'Connor, Daniel wrote:
> Hmm, you say 'uidNumber' but I have xidNumber:
> # editing 1 records
> # record 1
> dn: CN=S-1-5-21-1638907138-195301586-368347949-3088
> cn: S-1-5-21-1638907138-195301586-368347949-3088
> objectClass: sidMap
> objectSid: S-1-5-21-1638907138-195301586-368347949-3088
> type: ID_TYPE_BOTH
> xidNumber: 1044
>
2020 Sep 04
4
Acls
Hi I have some problems with setting permissions on my share. I think it has to do that I didn?t configure this
If you use the winbind 'ad' backend on Unix domain members and you add a gidNumber attribute to the Domain Admins group in AD, you will break the mapping in idmap.ldb. Domain Admins is mapped as ID_TYPE_BOTH in idmap.ldb, this is to allow the group to own files in Sysvol on a
2014 Dec 01
4
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 01/12/14 17:16, steve wrote:
> On 01/12/14 18:11, Rowland Penny wrote:
>> On 01/12/14 17:09, steve wrote:
>>> On 01/12/14 17:31, Greg Zartman wrote:
>>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny
>>>> <rowlandpenny at googlemail.com>
>>>> wrote:
>>>>
>>>>>
>>>>>> I do what windows does,
2017 May 27
3
idmap woes after upgrade
Hello All,
I've bitten the bullet and upgraded from sernet-samba-4.2 to 4.6.4-SerNet-RedHat-7.el7.
Now my AD users don't show up in Linux, with the result that the [homes] share fails to connect. Other shares work fine, it's just the homes share. There doesn't appear to be any uidNumber mapping going on.
I used to be able to use the unix command 'id' to show user info,
2016 Oct 09
4
Problem with one User after upgrade to 4.5.0
On 10/09/2016 02:51 AM, Rowland Penny via samba wrote:
> Have you by any chance got another 3001108 'xidNumber' in idmap.ldb ?
> If you give a user a 'uidNumber' attribute, the contents of this will be
> used instead of the 'xidNumber' in idmap.ldb, hence you do not need to
> (and probably shouldn't) use numbers in the '3000000' range.
I managed to
2020 Jan 09
3
authentication problem
Hi,
I have 4 Samba servers DC1, DC2, DC3, SRV8. DC3 is a domain controller and
file server, SRV8 is a file server.
Sometimes one/another computer cannot mount network shares from SRV8. We
can log in on that computer, but when we try to mount a network share,
Windows asks credentials for the share, but doesn't accept it. When we log
in with another user on the same computer, the result is the
2019 Sep 18
2
Sync UID/GUI between two DCs
Am 18.09.19 um 16:17 schrieb Rowland penny:
> On 18/09/2019 03:41, Simeon Peter via samba wrote:
>> I would remove any uidNumber & gidNumber attributes from the
>> following users (if set):
>>> administrator
>>> guest
>>> krbtgt
>> Administrator has a uidNumber since long time and owns some files.
>> Are there disadvantages if I leave his
2018 Apr 06
2
User idmap lost
>
> Some more information. RSAT on the windows 10 client shows all the
> proper UNIX attributes. The uidNumber is the correct 3001108. So I
> removed the idmap.ldb entry for my wife's sid and restarted the AD.
> The new idmap entry was created and I noticed that getent returned the
> xidNumber from the new entry. It appears that the AD is ignoring the
> UNIX
2017 Jan 17
3
Corrupted idmap...
Rowland, I was just reading over another thread on this list about the
inability to access group policy from client machines. The user did not
have the symlinks setup (I do) but one thing you mentioned was using the
NIS attributes to set UID/GID numbers for the domain. You said we should
not do this for certain users and groups, but there is no mention of
this in the guides to setting up an AD DC,
2019 Feb 25
2
winbind causing huge timeouts/delays since 4.8
On 25.02.2019 10:20, Rowland Penny via samba wrote:
> On Mon, 25 Feb 2019 09:24:24 +0100
> Viktor Trojanovic via samba <samba at lists.samba.org> wrote:
>
>
>
>>>> I'm confused.. how is the choice of the idmap backend related to an
>>>> AD DC use case?
>>> Only in the case of wanting the same ID everywhere.
>> In my understanding, the