Samba4: idmap replication between 2 DC's
Michael Adam
obnox at samba.org
Thu Jul 12 07:14:00 MDT 2012
Andrew Bartlett wrote:
> On Wed, 2012-07-11 at 21:23 +0200, Gémes Géza wrote:
> > On 2012-07-11 10:58, steve wrote:
> > > Hi
> > > Is it possible to get idmap.ldb replicated across 2 DC's as well as
> > > the directory partitions?
> > >
> > > I make changes to id mappings for our Linux users. This is not a
> > > problem with NFS, but becomes an issue when Linux users are working on
> > > cifs mounted shares. The uidNumber issued by DC2 is not the same as
> > > the uidNumber issued by DC1.
> > >
> > > Cheers,
> > > Steve
> > Hi Steve,
> >
> > If you put
> > idmap_ldb:use rfc2307 = yes
> > in your smb.conf then setting the uids gids in AD will guarantee that
> > they are the same across your samba4/s3fs servers, because then they
> > will get that from AD instead of their private idmap (with a fail-back
> > to idmap, if the entry has no uid/gid set).
>
> Gémes,
>
> Indeed, this is exactly the purpose for which this was implemented. I'm
> glad you find it useful!
If I read the code correctly, the s4-idmap code only reads the
rfc 2307 attributes but does not write to them. New mappings are
created in the idmap.ldb always.
This is confusing.
Shouldn't we add a mode where new mappings are also created in
the sam's posix attributes if the "use rfc" is on?
Cheers - Michael
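
Added example, not part of the original thread and not Samba code: a check for the situation discussed above, where each DC allocates its own IDs in its private idmap.ldb. It compares LDIF dumps of two DCs' idmap.ldb and reports SIDs that map to different Unix IDs, and Unix IDs that belong to different SIDs on each DC. The record layout (cn holding the SID, type, xidNumber), the sample SIDs and ID values, and the function names are assumptions made for illustration.

```python
# Added example: compare SID -> xidNumber mappings dumped from two DCs' idmap.ldb.
# Constructed sample dumps; SIDs and IDs are made up, the layout is an assumption.
DC1_LDIF = """\
dn: CN=CONFIG
cn: CONFIG
lowerBound: 3000000
xidNumber: 3000018

dn: CN=S-1-5-21-1111-2222-3333-1104
cn: S-1-5-21-1111-2222-3333-1104
type: ID_TYPE_BOTH
xidNumber: 3000016

dn: CN=S-1-5-21-1111-2222-3333-1105
cn: S-1-5-21-1111-2222-3333-1105
type: ID_TYPE_BOTH
xidNumber: 3000017
"""
# DC2 allocated its own IDs for the same two accounts.
DC2_LDIF = DC1_LDIF.replace("3000017", "3000020").replace("3000016", "3000017")

def parse_ldif(text):
    """Return {sid: (type, xid)}; records are separated by blank lines."""
    mappings = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        # Unfold LDIF continuation lines (a leading space continues a line).
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs[key.strip()] = value.strip()
        # Skip the allocator record (CN=CONFIG) and anything that is not a SID.
        if "xidNumber" in attrs and attrs.get("cn", "").startswith("S-1-"):
            mappings[attrs["cn"]] = (attrs.get("type", "?"), int(attrs["xidNumber"]))
    return mappings

def compare(dc1, dc2):
    """Return (divergent, collisions) between two parsed mappings."""
    # Same SID, different Unix ID: file ownership depends on which DC answered.
    divergent = {sid: (dc1[sid][1], dc2[sid][1])
                 for sid in dc1.keys() & dc2.keys() if dc1[sid][1] != dc2[sid][1]}
    # Same Unix ID, different SID: one account's files look like another's.
    # The type is ignored, so a UID and a GID sharing a number are reported too.
    by_xid2 = {xid: sid for sid, (_, xid) in dc2.items()}
    collisions = {xid: (sid, by_xid2[xid]) for sid, (_, xid) in dc1.items()
                  if xid in by_xid2 and by_xid2[xid] != sid}
    return divergent, collisions
```

A non-empty collisions result is the case to act on first, since it means one numeric ID refers to two different accounts depending on the server.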