Samba4: idmap replication between 2 DC's

steve steve at steve-ss.com
Thu Jul 12 06:43:18 MDT 2012


On 12/07/12 11:25, Andrew Bartlett wrote:
> On Wed, 2012-07-11 at 21:23 +0200, Gémes Géza wrote:
>> On 2012-07-11 10:58, steve wrote:
>>> Hi
>>> Is it possible to get idmap.ldb replicated across 2 DC's as well as
>>> the directory partitions?
>>>
>>> I make changes to id mappings for our Linux users. This is not a
>>> problem with NFS, but becomes an issue when Linux users are working on
>>> cifs mounted shares. The uidNumber issued by DC2 is not the same as
>>> the uidNumber issued by DC1.
>>>
>>> Cheers,
>>> Steve
>> Hi Steve,
>>
>> If you put
>> idmap_ldb:use rfc2307 = yes
>> in your smb.conf then setting the uids gids in AD will guarantee that
>> they are the same across your samba4/s3fs servers, because then they
>> will get that from AD instead of their private idmap (with a fail-back
>> to idmap, if the entry has no uid/gid set).
>
> Gémes,
>
> Indeed, this is exactly the purpose for which this was implemented.  I'm
> glad you find it useful!
>
> Andrew Bartlett
>
Hi everyone

But as you can see with my examples, this does not work. Maybe this only 
works with one DC?

Create a <user> with rfc2307 attributes on DC1.
Running wbinfo -i <user> on DC2 ignores the uidNumber and adds its own 
unrelated xidNumber to idmap.ldb causing uidNumber clashes with existing 
users.

If I set uidNumber to x then we need it to be x everywhere, not just on 
one DC.

Cheers,
Steve
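
A check for the symptom reported in this thread, as an added example that is not part of the original messages: it compares the uidNumber stored in AD with the uid each DC returns from wbinfo -i, and flags mismatches and uid clashes per DC. The LDIF text, the passwd-style lines and the names alice, bob, carol, EXAMPLE, DC1 and DC2 are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): rfc2307 attributes as LDIF.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
uidNumber: 10001

dn: CN=bob,CN=Users,DC=example,DC=com
sAMAccountName: bob
uidNumber: 10002

dn: CN=carol,CN=Users,DC=example,DC=com
sAMAccountName: carol
uidNumber: 3000017
"""
# Constructed passwd-style lines, as `wbinfo -i <user>` prints them, per DC.
SAMPLE_WBINFO = {
    "DC1": ["EXAMPLE\\alice:*:10001:100::/home/EXAMPLE/alice:/bin/false",
            "EXAMPLE\\bob:*:10002:100::/home/EXAMPLE/bob:/bin/false",
            "EXAMPLE\\carol:*:3000017:100::/home/EXAMPLE/carol:/bin/false"],
    "DC2": ["EXAMPLE\\alice:*:10001:100::/home/EXAMPLE/alice:/bin/false",
            "EXAMPLE\\bob:*:3000017:100::/home/EXAMPLE/bob:/bin/false",
            "EXAMPLE\\carol:*:3000017:100::/home/EXAMPLE/carol:/bin/false"],
}

def parse_ldif(text):
    """Return {account: uidNumber} for records that carry a uidNumber."""
    expected = {}
    for record in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        if "sAMAccountName" in attrs and "uidNumber" in attrs:
            expected[attrs["sAMAccountName"].lower()] = int(attrs["uidNumber"])
    return expected

def parse_wbinfo(line):
    """Return (account, uid) from one passwd-style line."""
    fields = line.strip().split(":")
    return fields[0].split("\\")[-1].lower(), int(fields[2])

def audit(expected, per_dc):
    """List (dc, user, ad_uid, dc_uid) mismatches and (dc, uid, users) clashes."""
    mismatches, clashes = [], []
    for dc, lines in sorted(per_dc.items()):
        owners = defaultdict(set)
        for user, uid in map(parse_wbinfo, lines):
            owners[uid].add(user)
            if user in expected and uid != expected[user]:
                mismatches.append((dc, user, expected[user], uid))
        clashes += [(dc, u, sorted(n)) for u, n in sorted(owners.items()) if len(n) > 1]
    return mismatches, clashes

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF), SAMPLE_WBINFO))
```

A uid clash matters because file ownership and permission checks on the shares are made by number, so two accounts resolving to the same uid on one DC are indistinguishable there.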



