[Samba] posix gid mapping of built-in groups

Sven Schwedas sven.schwedas at tao.at
Mon Jun 23 06:40:42 MDT 2014


On 2014-06-23 13:32, Henrik Langos wrote:
> Hi Louis,
> 
> Thank you for the link. I've seen your scripts before and it was on my
> todo list to check it out and maybe even update the wiki
> with a reference to it: https://wiki.samba.org/index.php/SysVol_Replication
> 
> However, my problem arises from not having Windows AD groups mapped to
> the same posix uidnumber on all AD DCs, not from having changes made on
> different DCs.
> 
> Is there a downside to providing posix gid numbers to all AD built-in
> groups?
> Does anybody have experience with that approach?

As far as I know, there is no downside, and it might even be necessary
for winbind; we're running with Posix attributes on all our groups
without issues so far.

> 
> cheers
> -henrik
> 
> 
> On 06/20/14 09:58, L.P.H. van Belle wrote:
>> Hai,
>>
>> I suggest trying my script or, if you are not on Ubuntu/Debian, read
>> the script and adapt it to your OS.
>> Maybe this works for you with the winbind setup, I don't know, but you
>> can try it.
>> I'm using this now for about 1 month without problems, and I can change
>> GPO settings on any DC now.
>>
>> https://secure.bazuin.nl/scripts/3-setup-sysvol-bidirectional.sh
>>
>>
>> Best regards,
>>
>> Louis
>>
>>
>>> -----Original message-----
>>> From: hlangos-samba at innominate.com
>>> [mailto:samba-bounces at lists.samba.org] On behalf of Henrik Langos
>>> Sent: Friday 20 June 2014 9:52
>>> To: samba at lists.samba.org
>>> Subject: [Samba] sysvol replication and posix uid / gid mapping
>>>
>>> Hi,
>>>
>>> I just found out the hard way that sysvol replication with rsync
>>> stopped working when I activated winbind (libnss-winbind actually) on
>>> my primary AD DC.
>>>
>>> Originally I hadn't planned to activate winbind on the primary AD DC
>>> since that machine was not meant to provide any shares.
>>> What I hadn't thought of was the fact that GPOs reside as files on the
>>> sysvol share and thus are subject to the same rules as any other files.
>>> Now I activated winbind and those files now belong to a non-numeric
>>> group and rsync complains.
>>>
>>> Maybe a hint in that regard on
>>> https://wiki.samba.org/index.php/SysVol_Replication would be nice.
>>>
>>> What is the best practice in regard to all those groups like "Domain
>>> Admins" "Printer Operators" and so on?
>>> Should those get posix uid/gid numbers? Could somebody point me in the
>>> right direction?
>>>
>>> Thanks
>>> -henrik
>>>
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
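
Added example, not part of the original thread or of anyone's scripts mentioned in it: a check for the condition Henrik describes, AD groups resolving to different posix gid numbers on different DCs. It compares `getent group` output saved from two DCs; the file names, the EXAMPLE domain and the gid values are constructed sample data.

```shell
#!/bin/sh
# Input files are `getent group` output (name:passwd:gid:members),
# e.g. saved on each DC with:  getent group > dcN.groups

# Print "name<TAB>gid_on_a<TAB>gid_on_b" for every group in file A whose
# gid differs in file B; gid_on_b is "-" when B does not list the group.
gid_mismatches() {
    awk -F: '
        FILENAME == ARGV[1] { a[$1] = $3; next }   # first file: DC A
        { b[$1] = $3 }                              # second file: DC B
        END {
            for (g in a) {
                if (!(g in b)) {
                    print g "\t" a[g] "\t-"
                } else if (a[g] != b[g]) {
                    print g "\t" a[g] "\t" b[g]
                }
            }
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Run the check on constructed sample data (hypothetical domain and gids).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/dc1.groups" <<'EOF'
EXAMPLE\domain admins:x:3000004:
EXAMPLE\domain users:x:100:
BUILTIN\administrators:x:3000000:
EOF
    cat > "$tmp/dc2.groups" <<'EOF'
EXAMPLE\domain admins:x:3000008:
EXAMPLE\domain users:x:100:
EOF
    gid_mismatches "$tmp/dc1.groups" "$tmp/dc2.groups"
    rm -rf "$tmp"
}

demo
```

Any line it prints is a group whose files would show a different (or unresolvable) group owner once copied with numeric ids between those two DCs.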
