[Samba] samba 4.2.1 copy idmap...and problems with bi-directional sysvolsync.

Andrey Repin anrdaemon at yandex.ru
Tue Apr 28 14:16:20 MDT 2015


Greetings, L.P.H. van Belle!

> I'm trying to get my id for administrator groups on both servers the same.
>  
> with 4.1.17 the solution was simple.. 
> we stop samba on both servers. 
> scp /var/lib/samba/private/idmap.ldb root@192.168.0.2:/var/lib/samba/private/
>  
> started samba, and the ids were the same. 
>  
> I'm using winbindd now with samba 4.2.1 
> but... 
>  
> DC1:  id administrator
> uid=0(root) gid=100(users) groups=0(root),100(users),3000004(group policy
> creator owners),3000006(enterprise admins),
> 3000008(domain admins),3000007(schema admins),3000005(denied rodc password
> replication group),3000009(BUILTIN\users),
> 3000000(BUILTIN\administrators)

> id administrator
> uid=0(root) gid=100(users) groups=0(root),100(users),3000011(group policy
> creator owners),3000010(enterprise admins),
> 3000007(domain admins),3000009(schema admins),3000008(denied rodc password
> replication group),3000001(BUILTIN\users),
> 3000000(BUILTIN\administrators)

Louis... welcome to my everyday nightmare for the past month.

> see the differences here.. 
>  
> What am I missing.. 
> Because of this the bi-directional sysvol sync does not work ok !! 

How exactly are you syncing it?
  
> config used : 
> # Global parameters
> [global]
>         workgroup = BAZRTD
>         realm = ROTTERDAM.BAZUIN.NL
>         netbios name = RTD-DC2
>         server role = active directory domain controller
>         server services = -dns
>  
>         idmap_ldb:use rfc2307 = yes
>         idmap config * :backend = tdb
>         idmap config * :range = 2000-9999
>         idmap config BAZRTD : backend = ad
>         idmap config BAZRTD : range = 10000-3999999
>  
>         winbind nss info = rfc2307
>         winbind trusted domains only = no
>         winbind use default domain = yes

Aside from "idmap config <DOMAIN> : schema_mode = rfc2307" pointed out by Rowland,
make sure you don't have overlapping UIDs in idmap and SAM.


-- 
With best regards,
Andrey Repin
Tuesday, April 28, 2015 23:13:15

Sorry for my terrible english...
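
An added example, not part of the original message and not Samba's own tooling: a Python check that diffs the two `id administrator` listings quoted above. It reports groups whose gid differs and, more importantly for files copied between DCs with numeric ownership, gids that resolve to a different group on each side. The names `parse_groups` and `compare` are hypothetical, and the second listing is unlabelled in the message, so treating it as the other DC is an assumption.

```python
import re

# `id administrator` output copied from the message above (wrapped lines joined).
DC1 = (r"uid=0(root) gid=100(users) groups=0(root),100(users),"
       r"3000004(group policy creator owners),3000006(enterprise admins),"
       r"3000008(domain admins),3000007(schema admins),"
       r"3000005(denied rodc password replication group),"
       r"3000009(BUILTIN\users),3000000(BUILTIN\administrators)")
# Assumption: the unlabelled second listing comes from the other DC.
OTHER = (r"uid=0(root) gid=100(users) groups=0(root),100(users),"
         r"3000011(group policy creator owners),3000010(enterprise admins),"
         r"3000007(domain admins),3000009(schema admins),"
         r"3000008(denied rodc password replication group),"
         r"3000001(BUILTIN\users),3000000(BUILTIN\administrators)")

ENTRY = re.compile(r"(\d+)\(([^)]*)\)")  # matches "3000008(domain admins)"


def parse_groups(id_output):
    """Return {lower-cased group name: gid} from the groups= field."""
    groups = id_output.split("groups=", 1)[1]
    return {name.lower(): int(gid) for gid, name in ENTRY.findall(groups)}


def compare(a, b):
    """Compare two name->gid maps from different hosts.

    mismatched: {name: (gid_a, gid_b)} where one group has two gids.
    collisions: {gid: (name_a, name_b)} where one gid means two groups,
                so a numeric gid in a copied ACL grants access to the
                wrong group on the receiving host.
    """
    mismatched = {n: (a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n]}
    gid_a = {g: n for n, g in a.items()}
    gid_b = {g: n for n, g in b.items()}
    collisions = {g: (gid_a[g], gid_b[g])
                  for g in gid_a.keys() & gid_b.keys() if gid_a[g] != gid_b[g]}
    return mismatched, collisions


if __name__ == "__main__":
    mismatched, collisions = compare(parse_groups(DC1), parse_groups(OTHER))
    for name, (x, y) in sorted(mismatched.items()):
        print(f"MISMATCH  {name}: {x} vs {y}")
    for gid, (x, y) in sorted(collisions.items()):
        print(f"COLLISION gid {gid}: '{x}' vs '{y}'")
```
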

