[Samba] Question about samba 4 member server of a pure Windows AD

Sébastien Le Ray sebastien-samba at orniz.org
Mon Aug 3 08:17:09 UTC 2015


Hi,

What you're trying to do is mixing RID and rfc2307. This is not possible.

I've the same kind of issue here (Samba 3 migrated DC with samba unix 
users created in the same range as regular unix users), but still use 
rfc2307 so I can renumber users one by one as follows:

  * Save old uid (1000-2000 range)
  * Give a new one (10000+ range)
  * Launch a command like (multiple -e are possible) on every unix
    computer having shares
      o find | while read -r file; do getfacl -n "$file" | sed -e
        "s,user:olduid:,user:newuid:," | setfacl --set-file=- "$file"; done
  * Wait for user support ticket escalation :-)

If your Windows AD does not use rfc2307, you can switch to rid but then 
you'll have to perform the whole ACL change at once (since rfc2307 allows 
me to choose UID I can perform the changes smoothly over time).

Regards


Le 03/08/2015 09:43, Stéphane PURNELLE a écrit :
> Hi,
>
> An account created with samba3/ldap (created before 2014-02-20):
>
> SID: S-1-5-21-XXXXXXXXXX-XXXXXXXXX-XXXXXXXXXX-3216
> UidNumber : 1108
>
> An account created with Users and computers (samba 4 AD DC):
>
> SID: S-1-5-21-XXXXXXXXXX-XXXXXXXXX-XXXXXXXXXX-5878
> uidNumber : 10023
>
>
> My actual config (in file-server) :
> idmap config XXXXXX:backend = ad
> idmap config XXXXXX:schema_mode = rfc2307
> idmap config XXXXXX:range = 1005-40000
>
> If I apply RID backend :
>
> ID = RID - BASE_RID + LOW_RANGE_ID.
>
> For the first account :
> 3216 - 0 + 1005 = 4221 => bad must be 1108
>
> For the latest created account :
> 5878 - 0 + 1005 = 6883 => bad must be 10023
>
> If the generated uidNumber is not the same as the actual uidNumber, I will lose my
> ACL.
>
> regards
>
>          Stéphane Purnelle
>
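
The ACL renumbering step from the reply above, as an added example that is not part of the original thread. It rewrites `getfacl -n` output with one lookup per entry, so several old:new pairs can be applied in a single pass. The function names, the sample ACL text and uid 11080 are constructed; 1108 and 10023 are the uidNumbers from the quoted message.

```sh
#!/bin/sh
# Added example, not from the thread. IDs 1108 and 10023 come from the quoted
# message; 11080 and the file name are constructed.

# remap_acl OLD:NEW [OLD:NEW ...]
# Reads `getfacl -n` text on stdin, writes it back with named-user IDs renumbered.
remap_acl() {
    awk -v maps="$*" '
        BEGIN {
            n = split(maps, pair, " ")
            for (i = 1; i <= n; i++) { split(pair[i], kv, ":"); newid[kv[1]] = kv[2] }
        }
        /^#/ { print; next }                 # keep the "# file:" / "# owner:" header
        {
            # Entry layout: [default:]user:<uid>:<perms>
            k = split($0, f, ":")
            q = (f[1] == "default") ? 3 : 2  # position of the uid field
            # One lookup per entry, so A->B plus B->C never turns A into C.
            if (f[q - 1] == "user" && f[q] != "" && (f[q] in newid)) f[q] = newid[f[q]]
            line = f[1]
            for (i = 2; i <= k; i++) line = line ":" f[i]
            print line
        }'
}

# renumber_tree DIR OLD:NEW [...]
# Applies remap_acl to everything under DIR (needs the acl tools and enough
# privilege to set ACLs). Symlinks are skipped because setfacl would follow
# them. File ownership is not touched; only named-user ACL entries change.
renumber_tree() {
    dir=$1; shift
    find "$dir" ! -type l -print | while IFS= read -r file; do
        getfacl -n --absolute-names "$file" | remap_acl "$@" | setfacl --set-file=- "$file"
    done
}

# Constructed getfacl -n output used for a dry run of the text rewrite.
sample_acl() {
    printf '%s\n' '# file: share/report.txt' '# owner: 0' '# group: 0' \
        'user::rw-' 'user:1108:rwx' 'user:11080:r--' 'group::r--' \
        'mask::rwx' 'other::---' 'default:user:1108:r-x'
}

sample_acl | remap_acl 1108:10023
```

Running the script as-is only prints the rewritten sample; `renumber_tree /path 1108:10023` is the call that changes ACLs on disk, and file names containing newlines are not handled.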


