wellknown and uid/gid interactions on multi DC samba AD domain

Daniele Dario d.dario76 at gmail.com
Wed May 14 07:06:04 MDT 2014



On mer, 2014-05-14 at 14:02 +0100, Rowland Penny wrote:
> On 14/05/14 13:57, Daniele Dario wrote:
> >
> > On mer, 2014-05-14 at 13:36 +0100, Rowland Penny wrote:
> >> On 14/05/14 13:26, Daniele Dario wrote:
> >>> Hi again,
> >>>
> >>> On mer, 2014-05-14 at 12:33 +0200, steve wrote:
> >>>> On Wed, 2014-05-14 at 12:23 +0200, Daniele Dario wrote:
> >>>>> Now as you said the uids/gids are the same on the 2 DCs so again thanks.
> >>>>>
> >>>> Well done.
> >>>>
> >>>>> I have a question about the sysvol: I noticed that the group of the
> >>>>> sysvol folder is different on the two DCs.
> >>>>> On the 1st DC (4.1.0):
> >>>>> [root@kdc01:locks]# ls -n sysvol/
> >>>>> total 8
> >>>>> drwxrwx---+ 4 0 4 4096 Sep 24  2012 saitel.loc
> >>>>>
> >>>>> On the 2nd DC (4.1.7):
> >>>>> [root@kdc03:locks]# ls -n sysvol/
> >>>>> total 8
> >>>>> drwxrwx---+ 4 0 3000000 4096 May  8 16:18 saitel.loc
> >>>>>
> >>>>> [root@kdc03:locks]# wbinfo -G 3000000
> >>>>> S-1-5-32-544
> >>>>> [root@kdc03:locks]# wbinfo -s S-1-5-32-544
> >>>>> BUILTIN\Administrators 4
> >>>>>
> >>>>> If I read it correctly BUILTIN\Administrators should be mapped as 4 so
> >>>>> same as on the other one.
> >>>> What does S-1-5-32-544 look like in the respective idmap.ldb dbs?
> >>> On kdc01 I get
> >>> # record 53
> >>> dn: CN=S-1-5-32-544
> >>> cn: S-1-5-32-544
> >>> objectClass: sidMap
> >>> objectSid: S-1-5-32-544
> >>> type: ID_TYPE_GID
> >>> xidNumber: 4
> >>> distinguishedName: CN=S-1-5-32-544
> >> Have you altered idmap.ldb? If you find 'idmap_init.ldif' on your
> >> system, it should contain this:
> >>
> >> dn: CN=CONFIG
> >> cn: CONFIG
> >> lowerBound: 3000000
> >> upperBound: 4000000
> >>
> >> dn: @INDEXLIST
> >> @IDXATTR: xidNumber
> >> @IDXATTR: objectSid
> >>
> >> and '4' is a lot lower than '3000000' ;-)
> >>
> >> Rowland
> >>
> > No I didn't. Would it be possible that when I provisioned the domain
> > (can't remember the right number but it was one of the latest alpha
> > releases) it was different?
> 
> Possibly, I think that we need to find out just what version you are 
> running, 'samba -V' should give us this.

Sorry, but samba -V reports 4.1.0 on kdc01 because I upgraded it at almost
every release until 4.1.0 was released.

> 
> >
> > And what about the difference in type? On the older one I have type:
> > ID_TYPE_GID and on the newly added one I have type: ID_TYPE_BOTH.
> 
> I seem to remember there being a problem like this, but cannot remember 
> just when.
> 
> Rowland
> 
> > Daniele.
> >
> 
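
Added example, not part of the original thread or of Samba's own code: a small Python check that compares the SID-to-xid records of two idmap.ldb dumps (LDIF text such as ldbsearch prints) and reports differing xidNumber or type values and xidNumbers outside the CONFIG range. The kdc01 record and the bounds are the ones quoted above; the kdc03 record is constructed from the wbinfo output and the ID_TYPE_BOTH type mentioned in the thread, and the function names are hypothetical.

```python
# Added example: diff the SID -> xid mappings in two idmap.ldb LDIF dumps.
# KDC01's record and the CONFIG bounds are the values quoted in the thread
# (bounds assumed to apply to both DCs); KDC03's record is constructed from
# the wbinfo output and the ID_TYPE_BOTH type mentioned there.
KDC01 = """dn: CN=CONFIG
cn: CONFIG
lowerBound: 3000000
upperBound: 4000000

# record 53
dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_GID
xidNumber: 4
"""
KDC03 = KDC01.replace("ID_TYPE_GID", "ID_TYPE_BOTH").replace(
    "xidNumber: 4", "xidNumber: 3000000")

def parse_ldif(text):
    """Return ({sid: (xid, type)}, (lower, upper) or None) from LDIF text."""
    records, bounds = {}, None
    for block in text.strip().split("\n\n"):
        # Skip "# record N" comment lines; keep "attribute: value" pairs.
        entry = dict(line.split(": ", 1) for line in block.splitlines()
                     if ": " in line and not line.startswith("#"))
        if entry.get("cn") == "CONFIG":
            bounds = (int(entry["lowerBound"]), int(entry["upperBound"]))
        elif "objectSid" in entry and "xidNumber" in entry:
            records[entry["objectSid"]] = (int(entry["xidNumber"]), entry.get("type"))
    return records, bounds

def compare(ldif_a, ldif_b):
    """Return findings for SIDs present in both dumps whose mapping differs
    or whose xidNumber lies outside the CONFIG allocation range."""
    (a, bounds), (b, _) = parse_ldif(ldif_a), parse_ldif(ldif_b)
    findings = []
    for sid in sorted(set(a) & set(b)):
        (xid_a, type_a), (xid_b, type_b) = a[sid], b[sid]
        if xid_a != xid_b:
            findings.append((sid, "xidNumber differs", xid_a, xid_b))
        if type_a != type_b:
            findings.append((sid, "type differs", type_a, type_b))
        for dc, xid in (("a", xid_a), ("b", xid_b)):
            if bounds and not bounds[0] <= xid <= bounds[1]:
                findings.append((sid, "outside range on " + dc, xid, bounds))
    return findings
```

Real ldbsearch output can contain base64 (`::`) values and folded lines, which this minimal parser does not handle.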



