wellknown and uid/gid interactions on multi DC samba AD domain
steve
steve at steve-ss.com
Wed May 14 04:33:01 MDT 2014
On Wed, 2014-05-14 at 12:23 +0200, Daniele Dario wrote:
>
>
> Now as you said the uids/gids are the same on the 2 DCs so again thanks.
>
Well done.
> I have a question about the sysvol: I noticed that the group of the
> sysvol folder is different on the two DCs.
> On the 1st DC (4.1.0):
> [root at kdc01:locks]# ls -n sysvol/
> total 8
> drwxrwx---+ 4 0 4 4096 Sep 24 2012 saitel.loc
>
> On the 2nd DC (4.1.7):
> [root at kdc03:locks]# ls -n sysvol/
> total 8
> drwxrwx---+ 4 0 3000000 4096 May 8 16:18 saitel.loc
>
> [root at kdc03:locks]# wbinfo -G 3000000
> S-1-5-32-544
> [root at kdc03:locks]# wbinfo -s S-1-5-32-544
> BUILTIN\Administrators 4
>
> If I read it correctly BUILTIN\Administrators should be mapped as 4 so
> same as on the other one.
What does S-1-5-32-544 look like in the respective idmap.ldb dbs?
>
> Did I forgot something?
>
> Regards,
> Daniele.
>
How does sysvol get from DC1 to DC2?
Try samba-tool ntacl sysvolreset on both
then compare the output of getfacl
Do gpos work if you lose DC2?
HTH
Steve
More information about the samba-technical
mailing list