Samba4: idmap replication between 2 DC's
abartlet at samba.org
Thu Jul 12 07:11:22 MDT 2012
On Thu, 2012-07-12 at 14:43 +0200, steve wrote:
> On 12/07/12 11:25, Andrew Bartlett wrote:
> > On Wed, 2012-07-11 at 21:23 +0200, Gémes Géza wrote:
> >> 2012-07-11 10:58 keltezéssel, steve írta:
> >>> Hi
> >>> Is it possible to get idmap.ldb replicated across 2 DC's as well as
> >>> the directory partitions?
> >>> I make changes to id mappings for our Linux users. This is not a
> >>> problem with NFS, but becomes an issue when Linux users are working on
> >>> cifs mounted shares. The uidNumber issued by DC2 is not the same as
> >>> the uidNumber issued by DC1.
> >>> Cheers,
> >>> Steve
> >> Hi Steve,
> >> If you put
> >> idmap_ldb:use rfc2307 = yes
> >> in your smb.conf then setting the uids gids in AD will guarantee that
> >> they are the same across your samba4/s3fs servers, because then they
> >> will get that from AD instead of their private idmap (with a fail-back
> >> to idmap, if the entry has no uid/gid set).
> > Gémes,
> > Indeed, this is exactly the purpose for which this was implemented. I'm
> > glad you find it useful!
> > Andrew Bartlett
> Hi everyone
> But as you can see with my examples, this does not work. Maybe this only
> works with one DC?
> Create a <user> with rfc2307 attributes on DC1.
> Running wbinfo -i <user> on DC2 ignores the uidNumber and adds it's own
> unrelated xidNumber to idmap.ldb causing uidNumber clashes with existing
> If I set uidNumber to x then we need it to be x everywhere, not just on
> one DC
Then I think your task is clear. Please add whatever debugging you feel
is required to the relevant idmap code and work out why the mappings are
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical