similar to: Sync UID/GUI between two DCs

Thank you for your answers Rowland. I could go ahead. Am 17.09.19 um 18:52 schrieb Rowland penny: > On 17/09/2019 09:30, Simeon Peter wrote: >> Am 17.09.19 um 17:08 schrieb Rowland penny via samba: >>> Do not give the standard Windows users and groups a uid/gidNumber, >>> most are never used on Unix, the main exception would be Domain Users. >> OK, now I did it

Am 18.09.19 um 16:17 schrieb Rowland penny: > On 18/09/2019 03:41, Simeon Peter via samba wrote: >> I would remove any uidNumber & gidNumber attributes from the >> following users (if set): >>> administrator >>> guest >>> krbtgt >> Administrator has a uidNumber since long time and owns some files. >> Are there disadvantages if I leave his

On 1/13/2017 3:30 PM, Rowland Penny wrote: > On Fri, 13 Jan 2017 15:20:52 -0500 > Bob Thomas <bthomas at cybernetics.com> wrote: > >> On 1/13/2017 1:45 PM, Rowland Penny wrote: >>> On Fri, 13 Jan 2017 13:30:14 -0500 >>> Bob Thomas <bthomas at cybernetics.com> wrote: >>> >>>> Rowland, >>>>>> Thank you for the quick

Rowland, Thank you for the quick response. I have just run net cache flush no change in problem. I have dumped the idmap.ldp using ldbsearch -H /var/lib/samba/private/idmap.ldb > idmap.txt and did some sorting, that is how I found the duplicates. On 1/13/2017 11:09 AM, Rowland Penny via samba wrote: > samba-tool ntacl > >sysvolreset

On 1/13/2017 4:58 PM, Rowland Penny via samba wrote: > On Fri, 13 Jan 2017 16:43:39 -0500 > Bob Thomas via samba <samba at lists.samba.org> wrote: > >> On 1/13/2017 3:30 PM, Rowland Penny wrote: >> >>> On Fri, 13 Jan 2017 15:20:52 -0500 >>> Bob Thomas <bthomas at cybernetics.com> wrote: >>> >>>> On 1/13/2017 1:45 PM, Rowland

My idea is similar. Today I didn't had the time to go on. But this my concept and it works with a short script (example for groups): DC1 (schema master) for loop on wbinfo -g will check if rfc2307 info is null for these groups in AD (ldbsearch) when rfc2307 gid is equal to wbinfo --group-info | cut -d: -f3 then exit else update rfc2307 info by importing created ldif file (ldbmodify) To get

Why only Domain Users and Domain Admins? I can't follow. But a good idea you've had. So a script can possibly be run on every DC the same. I will check and verify. What about built-in objects like system? These are not available in ADUC if my memory doesn't fail now. Will there be a problem when other built-in objects get a rfc gid/uid. E.g. for now wbinfo resolves uid 0 for

On 17/09/2019 09:30, Simeon Peter wrote: > > Am 17.09.19 um 17:08 schrieb Rowland penny via samba: >> Do not give the standard Windows users and groups a uid/gidNumber, >> most are never used on Unix, the main exception would be Domain Users. > OK, now I did it already. It it ok to leave it like this? I would remove any uidNumber & gidNumber attributes from the following

On 27 May 2017 12:45: On Sat, 27 May 2017 11:02:36 +0000 Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote: > The other lines never did anything on a DC. Thank you, I've removed them now.. > Unless you manually add uidNumber attributes to users and gidNumber > attributes to groups, id mapping on a DC is done in idmap.ldb and > results in ID numbers in the 3000000

On 04/11/2020 00:14, O'Connor, Daniel wrote: > Hmm, you say 'uidNumber' but I have xidNumber: > # editing 1 records > # record 1 > dn: CN=S-1-5-21-1638907138-195301586-368347949-3088 > cn: S-1-5-21-1638907138-195301586-368347949-3088 > objectClass: sidMap > objectSid: S-1-5-21-1638907138-195301586-368347949-3088 > type: ID_TYPE_BOTH > xidNumber: 1044 >

On 10/09/2016 02:51 AM, Rowland Penny via samba wrote: > Have you by any chance got another 3001108 'xidNumber' in idmap.ldb ? > If you give a user a 'uidNumber' attribute, the contents of this will be > used instead of the 'xidNumber' in idmap.ldb, hence you do not need to > (and probably shouldn't) use numbers in the '3000000' range. I managed to

Hi I have some problems with setting permissions on my share. I think it has to do that I didn?t configure this If you use the winbind 'ad' backend on Unix domain members and you add a gidNumber attribute to the Domain Admins group in AD, you will break the mapping in idmap.ldb. Domain Admins is mapped as ID_TYPE_BOTH in idmap.ldb, this is to allow the group to own files in Sysvol on a

On 6/5/19 10:06 AM, Rowland penny via samba wrote: >> >> Now I have problems with id mapping configuration: >> >> wbinfo -u works. >> wbinfo -g works. >> getent group does not list domain users and groups. >> >> I logged into PDC and checked gidNumber for "Domain Users": >> >> [root at site-ad ~]# wbinfo --name-to-sid

On Sat, 14 Jan 2017 17:09:47 +0000 Jonathan Hunter via samba <samba at lists.samba.org> wrote: > Hi All, > > Trying to avoid making this into a "Me too" response :) but this is > the single largest issue I have with Samba at the moment, I've > struggled with this for literally years, both before I switched to > rfc2307 (which did help in many areas) and

On 01/12/14 17:16, steve wrote: > On 01/12/14 18:11, Rowland Penny wrote: >> On 01/12/14 17:09, steve wrote: >>> On 01/12/14 17:31, Greg Zartman wrote: >>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny >>>> <rowlandpenny at googlemail.com> >>>> wrote: >>>> >>>>> >>>>>> I do what windows does,

Am 11. Dezember 2014 23:25:58 MEZ, schrieb steve <steve at steve-ss.com>: >On 11/12/14 23:15, Tim wrote: >> Thanks Steve, >> >> I will have a look at it. I think it's important to sync the >idmap.ldb >> limits > >It isn't important. The limits are the same on all DCs, even if you >have >not copied the idmap database anywhere else. All you

On 25.02.2019 10:20, Rowland Penny via samba wrote: > On Mon, 25 Feb 2019 09:24:24 +0100 > Viktor Trojanovic via samba <samba at lists.samba.org> wrote: > > > >>>> I'm confused.. how is the choice of the idmap backend related to an >>>> AD DC use case? >>> Only in the case of wanting the same ID everywhere. >> In my understanding, the

Hi, I have a somewhat complicated Samba AD DC setup with four remote site AD DCs (connected via VPN). These DCs also act as file servers (yes, I read the warning in the documentation, but we don't have the resources to add separate file servers at each site and we would like each server to be a DC because of the sometimes flaky VPN connections). We have some notebook

Hi List, I am trying to setup samba PDC and samba file server for a small organization. I followed guidelines on samba wiki and Arch Linux wiki. I have two servers (10.21.0.2 PDC and 10.21.0.1 (file server) both with samba 4.10.6 installed. I joined 10.21.0.1 as domain member and decided to use idmap_ad backend and store uid and gid numbers on PDC. Now I have problems with id mapping

On 03/11/2020 13:05, O'Connor, Daniel wrote: > >> On 3 Nov 2020, at 23:21, Rowland penny via samba <samba at lists.samba.org> wrote: >> On 03/11/2020 12:17, O'Connor, Daniel wrote: >>> I tried setting uidNumber et al via the active directory editor and samba-ldbedit, however the mapping doesn't seem to change so I am wondering if it ends up stored