wellknown and uid/gid interactions on multi DC samba AD domain

Daniele Dario d.dario76 at gmail.com
Wed May 14 06:57:55 MDT 2014



On mer, 2014-05-14 at 13:36 +0100, Rowland Penny wrote:
> On 14/05/14 13:26, Daniele Dario wrote:
> > Hi again,
> >
> > On mer, 2014-05-14 at 12:33 +0200, steve wrote:
> >> On Wed, 2014-05-14 at 12:23 +0200, Daniele Dario wrote:
> >>> Now as you said the uids/gids are the same on the 2 DCs so again thanks.
> >>>
> >> Well done.
> >>
> >>> I have a question about the sysvol: I noticed that the group of the
> >>> sysvol folder is different on the two DCs.
> >>> On the 1st DC (4.1.0):
> >>> [root@kdc01:locks]# ls -n sysvol/
> >>> total 8
> >>> drwxrwx---+ 4 0 4 4096 Sep 24  2012 saitel.loc
> >>>
> >>> On the 2nd DC (4.1.7):
> >>> [root@kdc03:locks]# ls -n sysvol/
> >>> total 8
> >>> drwxrwx---+ 4 0 3000000 4096 May  8 16:18 saitel.loc
> >>>
> >>> [root@kdc03:locks]# wbinfo -G 3000000
> >>> S-1-5-32-544
> >>> [root@kdc03:locks]# wbinfo -s S-1-5-32-544
> >>> BUILTIN\Administrators 4
> >>>
> >>> If I read it correctly BUILTIN\Administrators should be mapped as 4 so
> >>> same as on the other one.
> >> What does S-1-5-32-544 look like in the respective idmap.ldb dbs?
> > On kdc01 I get
> > # record 53
> > dn: CN=S-1-5-32-544
> > cn: S-1-5-32-544
> > objectClass: sidMap
> > objectSid: S-1-5-32-544
> > type: ID_TYPE_GID
> > xidNumber: 4
> > distinguishedName: CN=S-1-5-32-544
> 
> Have you altered idmap.ldb? If you find 'idmap_init.ldif' on your
> system, it should contain this:
> 
> dn: CN=CONFIG
> cn: CONFIG
> lowerBound: 3000000
> upperBound: 4000000
> 
> dn: @INDEXLIST
> @IDXATTR: xidNumber
> @IDXATTR: objectSid
> 
> and '4' is a lot lower than '3000000' ;-)
> 
> Rowland
> 

No, I didn't. Would it be possible that when I provisioned the domain
(can't remember the right number but it was one of the latest alpha
releases) it was different?

And what about the difference in type? On the older one I have type:
ID_TYPE_GID and on the newly added one I have type: ID_TYPE_BOTH.

Daniele.
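
The comparison discussed in this thread, as an added example that is not code from the thread's participants or from Samba: it parses LDIF dumps of idmap.ldb from two DCs and reports sidMap records whose xidNumber falls outside the CONFIG bounds or whose xidNumber or type differ between the DCs. The function names are hypothetical and the sample input is constructed from the values quoted above; that kdc01 carries the same CONFIG bounds is an assumption.

```python
# Constructed sample input shaped like an LDIF dump of idmap.ldb.
# Values (4 / ID_TYPE_GID, 3000000 / ID_TYPE_BOTH, bounds) are those quoted in the thread.
CONFIG = "dn: CN=CONFIG\ncn: CONFIG\nlowerBound: 3000000\nupperBound: 4000000\n\n"
RECORD = ("# record 53\ndn: CN=S-1-5-32-544\ncn: S-1-5-32-544\nobjectClass: sidMap\n"
          "objectSid: S-1-5-32-544\ntype: {type}\nxidNumber: {xid}\n")
KDC01 = CONFIG + RECORD.format(type="ID_TYPE_GID", xid=4)
KDC03 = CONFIG + RECORD.format(type="ID_TYPE_BOTH", xid=3000000)


def parse_ldif(text):
    """Return {cn: {attr: value}} from blank-line separated LDIF records."""
    records = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip "# record N" comments and malformed lines
            key, value = line.split(": ", 1)
            attrs[key] = value.strip()
        if "cn" in attrs:
            records[attrs["cn"]] = attrs
    return records


def compare_idmaps(name_a, ldif_a, name_b, ldif_b):
    """List (sid, message) findings: out-of-range xids and cross-DC mismatches."""
    dbs = {name_a: parse_ldif(ldif_a), name_b: parse_ldif(ldif_b)}
    findings = []
    for name, db in dbs.items():
        cfg = db.get("CONFIG", {})
        if "lowerBound" not in cfg or "upperBound" not in cfg:
            continue  # no allocation range recorded, nothing to check against
        low, high = int(cfg["lowerBound"]), int(cfg["upperBound"])
        for sid, rec in db.items():
            xid = rec.get("xidNumber")
            if xid is not None and not low <= int(xid) <= high:
                findings.append((sid, f"{name}: xidNumber {xid} outside {low}-{high}"))
    a, b = dbs[name_a], dbs[name_b]
    for sid in sorted((set(a) & set(b)) - {"CONFIG"}):
        for attr in ("xidNumber", "type"):
            if a[sid].get(attr) != b[sid].get(attr):
                findings.append((sid, f"{attr} differs: {name_a}={a[sid].get(attr)} "
                                      f"{name_b}={b[sid].get(attr)}"))
    return findings


if __name__ == "__main__":
    for sid, message in compare_idmaps("kdc01", KDC01, "kdc03", KDC03):
        print(sid, message)
```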
