[Samba] IDMAP dump and restore for second server.

Fri Mar 23 12:00:24 MDT 2012

Johan,

The tdb backend will not yield the same id's across multiple servers; 
however, the rid backend does.

When using rid, locate winbindd_cache.tdb and run tdbdump on that file 
to see the info stored by rid.

Dale

On 03/23/2012 5:51 AM, Johan Hendriks wrote:
> Thanks for the reply.
>
> probably my lack of understanding the whole thing is making it a little confusing for me.
>
> Is there a way to get the same id's on a second server.
> Now i have the same config on both servers, only the id numbers are different.
>
> Must i change
>> idmap config DOMAIN1 : backend = rid
>> idmap config DOMAIN1 : base_rid = 500
>> idmap config DOMAIN1 : range = 10000 - 29999
>>
>> idmap config DOMAIN2 : backend = rid
>> idmap config DOMAIN2 : base_rid = 500
>> idmap config DOMAIN2 : range = 30000 - 49999
> TO
>
>> idmap config DOMAIN1 : backend = tdb
>> idmap config DOMAIN1 : base_rid = 500
>> idmap config DOMAIN1 : range = 10000 - 29999
>>
>> idmap config DOMAIN2 : backend = tdb
>> idmap config DOMAIN2 : base_rid = 500
>> idmap config DOMAIN2 : range = 30000 - 49999
>
> thanks again.
>
>
> regards
> Johan Hendriks
>
>
>
> Hi,
>
> everything is fine:
>
> You are using the rid backend for your domains (DOMAIN1 and DOMAIN2). This is a purely algorithmical method for doing id mappings. These mappings are not stored in databases but calculated each time (at least when the cache entries expire).
>
> The default backend "tdb" is only used for anything but
> DOMAIN1 and DOMAIN2. Apparently you don't have a third real domain around, which is why there are so few mappings in the db and hence in the dump.
>
> Hope this helps.
>
> Cheers - Michael
>
>
> Johan Hendriks wrote:
>> Hello all.
>>
>> I use Samba 3.6.3 on FreeBSD in combination with ZFS, and it all works fine.
>> I use zfs send to receive my store on a backup machine and i want the users id to be the same as on the master server so to say.
>> Keeps my backups easy accessable with samba!
>>
>> Now i know i can dump the IDMAP database using the following: net idmap dump.
>>
>> I expect a whole bunch of lines,but i get the following, we around  70
>> users
>>
>> filer01 ~ # net idmap dump
>> dumping id mapping from /var/db/samba/winbindd_idmap.tdb GID 150004
>> S-1-5-11 GID 150005 S-1-5-32-546 USER HWM 150000 GID 150002 S-1-1-0
>> GID 150003 S-1-5-2 GROUP HWM 150006
>> filer01 ~ #
>>
>> Also a tdbdump /var/db/samba/winbind_idmap.tdb gives me a small amount of Lines.
>>
>> tdbdump /var/db/samba/winbindd_idmap.tdb {
>> key(11) = "GID 150002\00"
>> data(8) = "S-1-1-0\00"
>> }
>> {
>> key(9) = "S-1-5-11\00"
>> data(11) = "GID 150004\00"
>> }
>> {
>> key(13) = "S-1-5-32-546\00"
>> data(11) = "GID 150005\00"
>> }
>> {
>> key(11) = "GID 150005\00"
>> data(13) = "S-1-5-32-546\00"
>> }
>> {
>> key(11) = "GID 150003\00"
>> data(8) = "S-1-5-2\00"
>> }
>> {
>> key(9) = "USER HWM\00"
>> data(4) = "\F0I\02\00"
>> }
>> {
>> key(8) = "S-1-1-0\00"
>> data(11) = "GID 150002\00"
>> }
>> {
>> key(11) = "GID 150004\00"
>> data(9) = "S-1-5-11\00"
>> }
>> {
>> key(8) = "S-1-5-2\00"
>> data(11) = "GID 150003\00"
>> }
>> {
>> key(10) = "GROUP HWM\00"
>> data(4) = "\F6I\02\00"
>> }
>> {
>> key(14) = "IDMAP_VERSION\00"
>> data(4) = "\02\00\00\00"
>> }
>>
>> wbinfo -u and wbinfo -g as id username all works fine.
>>
>> The relevant config part (as far as i know)
>>
>> template homedir = /sanstorage/sambashare/home/%U winbind use default
>> domain = yes winbind cache time = 3600 winbind nested groups = yes
>> winbind separator = | winbind offline logon = yes winbind enum users =
>> yes winbind enum groups = yes winbind refresh tickets = yes allow
>> trusted domains = yes
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 10000-80000
>>
>> idmap config DOMAIN1 : backend = rid
>> idmap config DOMAIN1 : base_rid = 500
>> idmap config DOMAIN1 : range = 10000 - 29999
>>
>> idmap config DOMAIN2 : backend = rid
>> idmap config DOMAIN2 : base_rid = 500
>> idmap config DOMAIN2 : range = 30000 - 49999
>>
>> Is there a problem , or am i missing something.
>> I have been googling a lot, but could not find something related.
>>
>> Thanks for your time
>>
>> Regards
>> Johan Hendriks
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba