[Samba] matching id's for ADC and member server

Rowland Penny rowlandpenny at googlemail.com
Tue Nov 26 05:46:41 MST 2013


On 26/11/13 12:08, L.P.H. van Belle wrote:
> Hi,
>
> I'm a bit lost.
>
> I've installed a member server with winbind (Samba 4.1.2 (SerNet)).
> The server joined the domain without any problems.
>
> When I type getent passwd on the ADC server, I'm getting (and this is OK):
>   
> ROTTERDAM\Administrator:*:0:100::/home/users/%U:/bin/bash
> ROTTERDAM\Guest:*:3000002:3000003::/home/users/%U:/bin/bash
> ROTTERDAM\krbtgt:*:3000020:100::/home/users/%U:/bin/bash
> ROTTERDAM\Admin:*:3000021:100:Admin:/home/users/%U:/bin/bash
>   
> On the member server it also looks OK, but with different IDs:
> ROTTERDAM\administrator:*:70001:70001:Administrator:/home/users/administrator:/bin/bash
> ROTTERDAM\guest:*:70002:70002:Guest:/home/users/guest:/bin/bash
> ROTTERDAM\admin:*:70003:70001:Admin:/home/users/admin:/bin/bash
>   
> wbinfo -u
> wbinfo -g
> wbinfo -i username
>   
> All work fine on both servers.
>
> Two questions:
>
> How can I match the user IDs and group IDs between the member and ADC server?
>
> And why do I see this:
>   
> (member server)
> ROTTERDAM\administrator
>   
> (ADC server)
> ROTTERDAM\Administrator
>   
> A small thing, but just a question.
>
> On the ADC server I have in smb.conf (almost all settings):
>          server role = active directory domain controller
>          server services = s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate
>          idmap_ldb:use rfc2307 = yes
>          wins support = yes
>          template homedir = /home/users/%U
>          template shell = /bin/bash
>   
> On the member server I have in smb.conf (almost all settings):
>   
>     idmap config ROTTERDAM:backend = ad
>     idmap config ROTTERDAM:schema_mode = rfc2307
>
>     winbind trusted domains only = no
>     winbind use default domain = yes
>     winbind enum users  = yes
>     winbind enum groups = yes
>
>      template homedir = /home/users/%U
>      template shell = /bin/bash
>
> Where did I go wrong?
>   
> Louis
>   
>
To get the same uid & gid numbers on the server & clients, you need to 
add uidNumber & gidNumber to each user and group you want to use with Unix.

The problem is that S4 winbind != S3 winbind. Also, I suggest you remove 
the line 'template homedir = /home/users/%U' from the AD DC; no doubt 
you have noticed why.

Rowland
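
As an added example, not part of either post: a Python check that compares the two `getent passwd` listings quoted above, matching account names case-insensitively, and reports where the uid or gid differs between the AD DC and the member server. The function and key names are illustrative; the sample input is copied from the thread.

```python
# Added example, not from the thread. Sample input: the getent passwd lines quoted above.
DC = r"""
ROTTERDAM\Administrator:*:0:100::/home/users/%U:/bin/bash
ROTTERDAM\Guest:*:3000002:3000003::/home/users/%U:/bin/bash
ROTTERDAM\krbtgt:*:3000020:100::/home/users/%U:/bin/bash
ROTTERDAM\Admin:*:3000021:100:Admin:/home/users/%U:/bin/bash
"""
MEMBER = r"""
ROTTERDAM\administrator:*:70001:70001:Administrator:/home/users/administrator:/bin/bash
ROTTERDAM\guest:*:70002:70002:Guest:/home/users/guest:/bin/bash
ROTTERDAM\admin:*:70003:70001:Admin:/home/users/admin:/bin/bash
"""


def parse_passwd(text):
    """Return {lower-cased account name: (uid, gid)} from passwd(5)-format lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"not a passwd entry: {line!r}")
        # Names differ only in case between the two hosts, so compare lower-cased.
        entries[fields[0].lower()] = (int(fields[2]), int(fields[3]))
    return entries


def compare_ids(dc_text, member_text):
    """Report uid/gid differences and accounts visible on only one host."""
    dc, member = parse_passwd(dc_text), parse_passwd(member_text)
    report = {"uid_mismatch": [], "gid_mismatch": [], "only_on_dc": [],
              "only_on_member": [], "uid_zero": []}
    for name in sorted(dc.keys() | member.keys()):
        ids = {"dc": dc.get(name), "member": member.get(name)}
        # A domain account resolving to uid 0 is worth reviewing on any host.
        report["uid_zero"] += [(host, name) for host, v in ids.items() if v and v[0] == 0]
        if ids["member"] is None:
            report["only_on_dc"].append(name)
        elif ids["dc"] is None:
            report["only_on_member"].append(name)
        else:
            if ids["dc"][0] != ids["member"][0]:
                report["uid_mismatch"].append((name, ids["dc"][0], ids["member"][0]))
            if ids["dc"][1] != ids["member"][1]:
                report["gid_mismatch"].append((name, ids["dc"][1], ids["member"][1]))
    return report


if __name__ == "__main__":
    for kind, items in compare_ids(DC, MEMBER).items():
        print(kind, items)
```

Run against fresh output from both hosts after changing the ID mapping; empty `uid_mismatch` and `gid_mismatch` lists mean file ownership will resolve to the same accounts on both.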



