wellknown and uid/gid interactions on multi DC samba AD domain

Rowland Penny repenny241155 at gmail.com
Wed May 14 07:07:49 MDT 2014 

On 14/05/14 14:06, Daniele Dario wrote:
>
> On mer, 2014-05-14 at 14:02 +0100, Rowland Penny wrote:
>> On 14/05/14 13:57, Daniele Dario wrote:
>>> On mer, 2014-05-14 at 13:36 +0100, Rowland Penny wrote:
>>>> On 14/05/14 13:26, Daniele Dario wrote:
>>>>> Hi again,
>>>>>
>>>>> On mer, 2014-05-14 at 12:33 +0200, steve wrote:
>>>>>> On Wed, 2014-05-14 at 12:23 +0200, Daniele Dario wrote:
>>>>>>> Now as you said the uids/gids are the same on the 2 DCs so again thanks.
>>>>>>>
>>>>>> Well done.
>>>>>>
>>>>>>> I have a question about the sysvol: I noticed that the group of the
>>>>>>> sysvol folder is different on the two DCs.
>>>>>>> On the 1st DC (4.1.0):
>>>>>>> [root at kdc01:locks]# ls -n sysvol/
>>>>>>> total 8
>>>>>>> drwxrwx---+ 4 0 4 4096 Sep 24  2012 saitel.loc
>>>>>>>
>>>>>>> On the 2nd DC (4.1.7):
>>>>>>> [root at kdc03:locks]# ls -n sysvol/
>>>>>>> total 8
>>>>>>> drwxrwx---+ 4 0 3000000 4096 May  8 16:18 saitel.loc
>>>>>>>
>>>>>>> [root at kdc03:locks]# wbinfo -G 3000000
>>>>>>> S-1-5-32-544
>>>>>>> [root at kdc03:locks]# wbinfo -s S-1-5-32-544
>>>>>>> BUILTIN\Administrators 4
>>>>>>>
>>>>>>> If I read it correctly BUILTIN\Administrators should be mapped as 4 so
>>>>>>> same as on the other one.
>>>>>> What does S-1-5-32-544 look like in the respective idmap.ldb dbs?
>>>>> On kdc01 I get
>>>>> # record 53
>>>>> dn: CN=S-1-5-32-544
>>>>> cn: S-1-5-32-544
>>>>> objectClass: sidMap
>>>>> objectSid: S-1-5-32-544
>>>>> type: ID_TYPE_GID
>>>>> xidNumber: 4
>>>>> distinguishedName: CN=S-1-5-32-544
>>>> Have you altered idmap.ldb ?? if you find 'idmap_init.ldif' on your
>>>> system, it should contain this:
>>>>
>>>> dn: CN=CONFIG
>>>> cn: CONFIG
>>>> lowerBound: 3000000
>>>> upperBound: 4000000
>>>>
>>>> dn: @INDEXLIST
>>>> @IDXATTR: xidNumber
>>>> @IDXATTR: objectSid
>>>>
>>>> and '4' is a lot lower than '3000000' ;-)
>>>>
>>>> Rowland
>>>>
>>> No I didn't. Would it be possible that when I provisioned the domain
>>> (can't remember the right number but it was one of the latest alpha
>>> releases) it was different?
>> Possibly, I think that we need to find out just what version you are
>> running, 'samba -V' should give us this.
> Sorry but samba -V tells 4.1.0 on kdc01 because I upgraded it almost on
> every release until 4.1.0 has been released.
>
>>> And what about the difference in type? On the older I have type:
>>> ID_TYPE_GID and in the newly added I have type: ID_TYPE_BOTH.
>> I seem to remember there being a problem like this, but cannot remember
>> just when.
>>
>> Rowland
>>
>>> Daniele.
>>>
>
Could you please post the smb.conf from both DC's

Rowland

More information about the samba-technical mailing list