[Samba] [INTERNET] Re: Re: Samba 4 DC - idmap config on a samba 4 member server

BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI franck.botz at bas-rhin.gouv.fr
Thu Feb 21 05:34:11 MST 2013


>> Hello
>>
>> I tested your solution, but if "getent" returns all users and groups (AD +
>> local), all have the same UID/GID. Strange ...
>>
>> This morning I commented idmap config DDCS67:range = 500-40000 and it
>> works !! ADs users/groups
>>
> I am testing idmap_ad as well and I have a lot of issues with idmap_ad, but I was
> thinking that it's because I didn't provision with rfc2307 at that time.
Perhaps, but how do I do that on a member server?

I use provisioning on the first DC (DC1). Next, DC2 synchronizes itself.
For the member, there is no synchronization, but writing an smb.conf with (or not)
the idmap.
> When you say it works, do you mean that the returned uid/gid are the ones
> stored in the directory (uidNumber/gidNumber)?
>
> thanks
Yes.

Here is the result of a getfacl ./ on a directory on the member server

Domain Users, administrator, sg-ci are AD groups.

getfacl ./

# file: .
# owner: administrator
# group: domain\040users
user::rwx
user:administrator:rwx
group::---
group:domain\040users:---
group:domain\040admins:rwx
group:sg-ci:rwx
mask::rwx
other::---
default:user::rwx
default:user:administrator:rwx
default:group::---
default:group:domain\040users:---
default:group:domain\040admins:rwx
default:group:sg-ci:rwx
default:mask::rwx
default:other::---

