Enabling idmap_ldb:use rfc2307 = yes on 2 DCs

Daniele Dario d.dario76 at gmail.com
Mon Sep 24 04:28:44 MDT 2012

Hi steve,

On Fri, 2012-09-21 at 17:10 +0200, steve wrote:
> On 21/09/12 10:10, Daniele Dario wrote:
> >
> > Now if I create a new user it's UID is the same on both DCs but the
> > problem is that the UIDs and GIDs of the previously created users/groups
> > are not the same on the 2 DCs I guess because they were created without
> > specifying idmap_ldb:use rfc2307 = Yes in smb.conf.
> >
> > Does anyone know if it is possible to fix this?
> Hi
> As we understand it:
> idmap_ldb:use rfc2307 = yes
> Means that uidNumber and gidNumber are pulled from the directory as 
> opposed to idmap.ldb.
> For users, we added:
> objectClass: posixAccount
> uidNumber: abc
> gidNumber: xyz
> and for groups:
> objectClass: posixGroup
> gidNumber: xyz
> I think that your old users and groups will lack these entries and so 
> samba will fall back to idmap to get the information for uidNumber and 
> gidNumber.
> Steve

thanks for sharing this. Can you please clarify what you mean with "we
added: objectClass: posixAccount ...".

After I added the rfc2307 = yes option to both DCs and restarted them I
added a new user and after that it seemed that all users UIDs to be the
same between the DCs but after a new restart of samba I've seen that it
does not work so I'm wondering if I have to re-provision and re-join to
get it working.


More information about the samba-technical mailing list