[Samba] Samba4 domain member

L.P.H. van Belle belle at bazuin.nl
Tue Jul 1 03:15:58 MDT 2014


and.  

>there appear to
>be some anomalies with the uid numbering. For example, one 
>users' uid on
>the main DC will be completely different to the same user on my domain
>member. A good majority of them are correct which has fooled me into
>thinking that the server is good for production, but as we've 
>added other
>shares to this machine these discrepancies have become more apparent.
>
>Has anyone else hit similar numbering problems?

That is correct, adviced is 
to use the DC only as DC and not as fileserver, this solves your UID problem with the member server.
And IF you need the DC also as file server, you should look to for example and other implementation for winbind. 

read this : 
https://wiki.samba.org/index.php/Local_user_management_and_authentication

and you should read this page (again)  ;-) 
http://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
and 
http://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC

Louis


>-----Oorspronkelijk bericht-----
>Van: chrisa at acs-info.co.uk 
>[mailto:samba-bounces at lists.samba.org] Namens Chris Alavoine
>Verzonden: dinsdag 1 juli 2014 11:08
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Samba4 domain member
>
>Hi gents,
>
>I have a problem with winbindd uid/gid numbering on my Samba4 
>domain member
>server.
>
>This is my smb.conf:
>
>[global]
>
>   netbios name = DOM-MEMBER
>   workgroup = EXAMPLE
>   security = ADS
>   realm = EXAMPLE.COM
>
>   encrypt passwords = yes
>
>   idmap config *:backend = tdb
>   idmap config *:range = 500-100000
>   idmap config ESSENCE:backend = ad
>   idmap config ESSENCE:schema_mode = rfc2307
>   idmap config ESSENCE:range = 500-100000
>
>   winbind nss info = rfc2307
>
>   winbind trusted domains only = no
>   winbind use default domain = yes
>   winbind enum users  = yes
>   winbind enum groups = yes
>
>   log level = 0
>
>   vfs objects = acl_xattr
>   map acl inherit = Yes
>   store dos attributes = Yes
>
>
>
>[it_support]
>   path = /data/it_support
>   read only = no
>
>
>
>
>At first glance this appears to work ok. I am seeing lots of 
>entries with
>getent passwd and groups appear to work correctly. However, 
>there appear to
>be some anomalies with the uid numbering. For example, one 
>users' uid on
>the main DC will be completely different to the same user on my domain
>member. A good majority of them are correct which has fooled me into
>thinking that the server is good for production, but as we've 
>added other
>shares to this machine these discrepancies have become more apparent.
>
>Has anyone else hit similar numbering problems?
>
>Thanks,
>Chris.
>
>
>-- 
>ACS (Alavoine Computer Services Ltd)
>Chris Alavoine
>mob +44 (0)7724 710 730
>www.alavoinecs.co.uk
>http://twitter.com/#!/alavoinecs
>http://www.linkedin.com/pub/chris-alavoine/39/606/192
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>



More information about the samba mailing list