[Samba] Need help with roaming profiles
Rowland penny
rpenny at samba.org
Tue Jun 30 09:23:17 UTC 2020
On 30/06/2020 09:50, Anders Östling wrote:
>> You have 'workgroup = HPLTS' and 'idmap config dg11', again, they must match
> As I wrote in the previous reply, that was a mistake from the initial
> deployment. However, I have a copy of the VM and when I corrected DG11
> to HLPTS and restarted the services, this happes:
>
> getent group "Oldgroup" returns a value in the 10000 range (as
> specified in the idmap config * statement).
If 'oldgroup' isn't in the the 'HLPTS' domain, this is to be expected.
> I now created a new group in the domain, and expected to get a value
> in the range 30000 (as specified in the idmap config HPTLS statement).
You should.
> Again, I probably don't understand the different backends (tdb vs rid)
> functions enough.
The default domain '*' uses tdb and is an allocating db, the 'rid'
backend for your HPTLS domain uses the AD objects RID to calculate the
Unix ID.
> The new group was given a id of 10032, so it seems
> as if the * statement still is the used range. Is this expected
> behaviour?
No, it isn't, if the group exists in AD and the AD domain name is
'HPTLS' , from what you have posted, I would expect the Unix ID to start
with a '3'. Have you run 'net cache flush' ?
> In the meantime, I will try to read up on the backend's and
> get a better understanding.
tdb is only used for the '*' domain, ID's start from the lower number
you set in smb.conf
rid is used for the DOMAIN domain (HPTLS in your case), ID's are
calculated by adding the objects rid to the lower number you set in
smb.conf. For instance Domain Users ID will be 30000 + 513 = 30513
Rowland
More information about the samba
mailing list