[Samba] Samba 4 Consistent uid gid mapping across servers.

Gints Neimanis gintsn at gmail.com
Fri Oct 25 08:22:43 MDT 2013


On 10/24/2013 11:08 PM, Wayne L. Andersen wrote:
> Please make good backups before doing any of this, and make sure you 
> double check your edits. This can trash your schema if you are careless.
>
> I was able to get this working by editing the 
> /usr/local/src/samba-4.1.0/source4/setup/ypServ30.ldif file to match 
> my domain.
>
> I had to change the macros in the file to match my domain:
> ${DOMAINDN} = DC=CORP,DC=SAMDOM,DC=COM
> ${NISDOMAIN} = CN=CORP
> ${NETBIOSNAME} = CORP
>
> Be careful to make sure to get these correct.
>
> Then using this command to apply the changes.
>
> /usr/local/samba/bin/ldbmodify -H 
> /usr/local/samba/private/sam.ldb.d/DC%3DCORP,DC%3DCLIMA-TECH,DC%3DCOM.ldb 
> -U administrator /usr/local/src/samba-4.1.0/source4/setup/ypServ30.ldif
>
> I then created an ldif for each user, this is actually automated via a 
> puppet script.
>
> cat /tmp/someuser.ldif
> dn: CN=Some User,DC=corp,DC=samdom,DC=com
> add: objectClass
> objectClass: posixAccount
> -
> add: gidNumber
> gidNumber: 100
> -
> add: uidNumber
> uidNumber: 10099
>
>
>
> Merged that data like this:
> ldapmodify -I -h 10.10.1.199 -f /tmp/someuser.ldif
>
> Test to see if the data was entered properly with this.
>
> bin/ldbsearch -H private/sam.ldb '(objectclass=posixaccount)'
>
> I can then access this easily via ldap either directly for dovecot or 
> other apps and through nss-ldap.
>
> I am going to write up a detailed post and put it on-line this weekend.
>
> Wayne Andersen
>
>
Thanks Wayne!

Already started to explore how to use ypServ30.ldif.

The results from the first attempt are:
- added modified ypServ30.ldif to ../private/sam.ldb.d/DC.....ldb 
(without errors)
- added posixAccount and uidNumber to some test user (without errors)
- queried and got the entered uidNumber via 'wbinfo -i testuser'

but - user data was not replicated on the other, second DC (probably I needed 
to add ypServ30.ldif to the second DC too?)
- samba-tool dbcheck failed with "uncaught exception"
- ADUC from RSAT tools can't open user container
- "ldbedit -H ./private/sam.ldb" crashes samba process

.. Restored from backup.

I will later try this again in a test environment

Anyway - thanks for the direction!
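
Added example, not part of either poster's message and not Samba or Puppet code: a generator for per-user LDIF records in the shape quoted above, which refuses duplicate or low uidNumber values so that two accounts never end up sharing file ownership. The function names, the UID_MIN floor and the sample users are assumptions made for illustration.

```python
import base64

# Constructed sample data (not from the original post): (DN, uidNumber, gidNumber)
SAMPLE_USERS = [
    ("CN=Some User,DC=corp,DC=samdom,DC=com", 10099, 100),
    ("CN=Jānis Bērziņš,DC=corp,DC=samdom,DC=com", 10100, 100),
]

UID_MIN = 10000  # assumed floor, keeps clear of local system accounts


def ldif_attr(name, value):
    """Return one LDIF line, base64-encoding values that are not 'safe' (RFC 2849)."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def build_ldif(users, uid_min=UID_MIN):
    """Build modify records like the one in the post; reject unsafe id assignments."""
    seen = {}
    records = []
    for dn, uid, gid in users:
        if uid < uid_min or gid < 0:
            raise ValueError(f"{dn}: uidNumber {uid} / gidNumber {gid} out of range")
        if uid in seen:
            raise ValueError(f"uidNumber {uid} assigned to both {seen[uid]} and {dn}")
        seen[uid] = dn
        records.append("\n".join([
            ldif_attr("dn", dn),
            "changetype: modify",
            "add: objectClass",
            "objectClass: posixAccount",
            "-",
            "add: gidNumber",
            f"gidNumber: {gid}",
            "-",
            "add: uidNumber",
            f"uidNumber: {uid}",
            "-",
        ]))
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    print(build_ldif(SAMPLE_USERS), end="")
```

Generating every record from one table of assignments is what keeps the uid/gid values identical on each server that reads them from the directory.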