Enabling idmap_ldb:use rfc2307 = yes on 2 DCs

Daniele Dario d.dario76 at gmail.com
Fri Sep 21 02:30:42 MDT 2012

Hi list,
after I create a new user on the domain I've seen that also the old
users' UIDs and group GIDs become the same on both DCs.

Enabling rfc2307 works (at least for me).


On Fri, 2012-09-21 at 10:10 +0200, Daniele Dario wrote:
> Hi list,
> On Thu, 2012-09-20 at 12:01 +0200, Daniele Dario wrote:
> > Hi list,
> > is there a way to enable idmap_ldb:use rfc2307 if I already have 2
> > working AD DCs in my domain?
> > 
> > Should I just add the line on smb.conf and restart samba on the DCs?
> > 
> > I've also read that nss should be configured for winbind: does this mean
> > that I have to modify /etc/nsswitch.conf? If yes, could someone point me
> > in what and how to change it?
> > 
> > Thanks in advance,
> > Daniele.
> > 
> I backed up var etc private and updated samba to rc1 on both DCs then I
> added idmap_ldb:use rfc2307 = Yes to smb.conf.
> I ran samba-tool dbcheck --cross-ncs and no errors were found so I
> started samba (I did this once per DC).
> As per samba4/winbind howto at
> http://wiki.samba.org/index.php/Samba4/Winbind I added the links for
> libnss_winbind.so and libnss_winbind.so.2 in /lib and
> modified /etc/nsswitch.conf and now id username shows the correct
> information about the given username.
> Now if I create a new user its UID is the same on both DCs but the
> problem is that the UIDs and GIDs of the previously created users/groups
> are not the same on the 2 DCs I guess because they were created without
> specifying idmap_ldb:use rfc2307 = Yes in smb.conf.
> Does anyone know if it is possible to fix this?
> If I demote the "secondary" DC and then re-join it would it apply the
> rfc2307 statement?
> Should I do it in two ways (demote secondary and rejoin it and then
> demote primary and rejoin it)?
> Thanks in advance,
> Daniele.
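
A way to check the UID/GID consistency discussed in this thread, as an added example that is not part of the original messages: it compares passwd-format account listings captured on each DC and reports accounts whose IDs differ or that resolve on only one DC. The file names, the SAMDOM domain and all account lines are constructed sample data; the assumption is that each listing was captured with something like `getent passwd <account>` on the respective DC.

```shell
#!/bin/sh
# Compare passwd-format listings from two DCs (added example).
# Assumption: each file holds name:pw:uid:gid:... lines captured on one DC
# and the first file is not empty.

compare_idmaps() {
    # $1 = listing from the first DC, $2 = listing from the second DC
    awk -F: '
        NR == FNR { uid[$1] = $3; gid[$1] = $4; next }  # first file: remember ids
        ($1 in uid) {
            seen[$1] = 1
            if (uid[$1] != $3 || gid[$1] != $4)
                printf "MISMATCH %s dc1=%s:%s dc2=%s:%s\n", $1, uid[$1], gid[$1], $3, $4
            next
        }
        { printf "ONLY_DC2 %s\n", $1 }                  # account missing on first DC
        END {
            for (n in uid) if (!(n in seen)) printf "ONLY_DC1 %s\n", n
        }
    ' "$1" "$2" | sort
}

make_sample() {
    # Constructed sample listings (hypothetical accounts and ids), written to $1.
    cat > "$1/dc1.passwd" <<'EOF'
SAMDOM\administrator:*:0:100::/home/SAMDOM/administrator:/bin/false
SAMDOM\olduser:*:3000017:100::/home/SAMDOM/olduser:/bin/false
SAMDOM\newuser:*:3000021:100::/home/SAMDOM/newuser:/bin/false
SAMDOM\svcbackup:*:3000018:100::/home/SAMDOM/svcbackup:/bin/false
EOF
    cat > "$1/dc2.passwd" <<'EOF'
SAMDOM\administrator:*:0:100::/home/SAMDOM/administrator:/bin/false
SAMDOM\olduser:*:3000019:100::/home/SAMDOM/olduser:/bin/false
SAMDOM\newuser:*:3000021:100::/home/SAMDOM/newuser:/bin/false
EOF
}

# Demo run on the constructed data.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
compare_idmaps "$demo_dir/dc1.passwd" "$demo_dir/dc2.passwd"
rm -rf "$demo_dir"
```

An empty result means every account resolves to the same UID and GID on both DCs.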
