Samba4: idmap replication between 2 DC's
abartlet at samba.org
Thu Jul 12 16:58:44 MDT 2012
On Thu, 2012-07-12 at 18:47 +0200, steve wrote:
> On 12/07/12 15:11, Andrew Bartlett wrote:
> > On Thu, 2012-07-12 at 14:43 +0200, steve wrote:
> >> On 12/07/12 11:25, Andrew Bartlett wrote:
> >>> On Wed, 2012-07-11 at 21:23 +0200, Gémes Géza wrote:
> >>>> On 2012-07-11 10:58, steve wrote:
> > Steve,
> > Then I think your task is clear. Please add whatever debugging you feel
> > is required to the relevant idmap code and work out why the mappings are
> > not returned.
> > Thanks,
> Hi Andrew, hi everyone
> I am getting closer. To begin with,
> samba-tool user add <user>
> always creates an entry in idmap.ldb
> If we want
> idmap_ldb:use rfc2307 = yes
> to work, we must delete the entry in idmap.ldb immediately after the
> user is created.
Can you investigate how this happens? I can't see what would do that in
> That solves the problem for uidNumber on both DC1 and DC2. We can easily
> change our useradd scripts to do that after we have added the necessary
> rfc2307 attributes and classes.
> For groups however removing the idmap.ldb entry does not work. Upon a
> wbinfo --group-info=<group> a new entry is created in idmap.ldb.
> Is this correct? Once again, this causes problems as the idmap entries
> on the replicating DCs are not the same.
> Can we get the gidNumber to be read from the directory too?
The gidNumber for groups should be read from the directory. Please
investigate if this isn't happening.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org