wellknown and uid/gid interactions on multi DC samba AD domain

Daniele Dario d.dario76 at gmail.com
Tue May 13 08:21:16 MDT 2014

Hi samba team and list,
I have a small AD domain (more or less 25 users) with 2 samba DCs.
First one is also serving as dhcp on the network while the second one is
also acting as file server.
Now I'd add a new (domain member or DC) server which would be used to
backup the network shares and I was thinking to use rsync to backup data
from the shares preserving ownerships and permissions.
The problem is that (from what I understood googling and reading from
samba wiki) the only way to have the same uid/gid on different machines
is to pull them from AD enabling idmap_ldb:use rfc2307 = yes in smb.conf
and adding via ldif ObjectClass parameters (posixAccount and posixGroup)
to user/groups objects.
In the past I tried to do that for all the users/groups (stupid me)
including also the well-known (at least I think these are the
Domain Admins
and this screwed up almost everything because it happened that I mapped
some object on one DC on something that was already used on the other by
some "well-known" user/group.
Luckily Andrew Bartlett helped me to restore the situation.
Now I'd try again so can somebody address me on the right way to proceed
or suggest alternative ways to backup data?

Which would be the objects to "posixify"?
Only users/groups I created on the domain?
Also machine accounts have to be posixified?
Is there a way to be sure to avoid overlappings?

Last but not least, many thanks for the great work you are doing with
samba and its documentation.
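
One way to check for the overlaps asked about above, as an added example that is not part of the original post: it compares planned uidNumber/gidNumber values against the xidNumber allocations each DC already holds locally in its own idmap.ldb. The LDIF record layout, the SIDs, the DC names and the planned IDs are constructed assumptions.

```python
# Added example; SIDs, xidNumbers and planned IDs are constructed sample data.
# Assumes each DC's idmap.ldb was dumped to LDIF with objectSid/xidNumber/type.
DC1 = """dn: CN=S-1-5-32-544
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

dn: CN=S-1-5-21-1111-2222-3333-512
objectSid: S-1-5-21-1111-2222-3333-512
type: ID_TYPE_BOTH
xidNumber: 3000004
"""
DC2 = """dn: CN=S-1-5-21-1111-2222-3333-512
objectSid: S-1-5-21-1111-2222-3333-512
type: ID_TYPE_BOTH
xidNumber: 3000000
"""
# Which ID space(s) each idmap record type occupies.
OCCUPIES = {"ID_TYPE_UID": {"uid"}, "ID_TYPE_GID": {"gid"},
            "ID_TYPE_BOTH": {"uid", "gid"}}

def parse_idmap(ldif):
    """Parse LDIF records into {sid: (xidNumber, type)}."""
    entries = {}
    for record in ldif.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        if {"objectSid", "xidNumber", "type"} <= attrs.keys():
            entries[attrs["objectSid"]] = (int(attrs["xidNumber"]), attrs["type"])
    return entries

def find_conflicts(planned, idmaps):
    """planned: {sid: (kind, number)}; idmaps: {dc_name: parsed idmap}.
    Returns (sid, kind, number, dc, holder_sid) for every planned ID that a
    DC has already handed to a different SID in the same ID space."""
    conflicts = []
    for sid, (kind, number) in sorted(planned.items()):
        for dc, entries in sorted(idmaps.items()):
            for holder, (xid, xid_type) in sorted(entries.items()):
                if holder != sid and xid == number and kind in OCCUPIES.get(xid_type, ()):
                    conflicts.append((sid, kind, number, dc, holder))
    return conflicts

# Hypothetical rfc2307 assignments for objects created in the domain.
PLANNED = {"S-1-5-21-1111-2222-3333-1105": ("uid", 10001),
           "S-1-5-21-1111-2222-3333-1106": ("gid", 3000000),
           "S-1-5-21-1111-2222-3333-1107": ("uid", 3000004)}

if __name__ == "__main__":
    idmaps = {"dc1": parse_idmap(DC1), "dc2": parse_idmap(DC2)}
    for c in find_conflicts(PLANNED, idmaps):
        print("%s: planned %s %d is held on %s by %s" % c)
```

In the sample data the same number, 3000000, belongs to a different SID on each DC, which is the kind of per-DC difference the post describes running into.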

