[Samba] Samba 4 Consistent uid gid mapping across servers.

Rowland Penny rowlandpenny at googlemail.com
Fri Oct 25 10:38:23 MDT 2013

On 25/10/13 17:28, steve wrote:
> On Fri, 2013-10-25 at 17:19 +0100, Rowland Penny wrote:
>> On 25/10/13 17:05, steve wrote:
>>> On Fri, 2013-10-25 at 16:23 +0100, Rowland Penny wrote:
>>>> On 25/10/13 16:07, steve wrote:
>>>>> On Fri, 2013-10-25 at 17:22 +0300, Gints Neimanis wrote:
>>>>>> Already started to explore how to use ypServ30.ldif.
>>>>>> The results from the first attempt are:
>>>>>> - added modified ypServ30.ldif to ../private/sam.ldb.d/DC.....ldb
>>>>>> (without errors)
>>>>> It is a cardinal sin to alter the partition. I think you'll now have a
>>>>> corrupted AD. Can you go back to the backup and add the ldif
>>>>> against ../private/sam.ldb instead?
>>>>> On DC2, I think the best way is to demote it. Then update the schema on
>>>>> a freshly reinstated DC1. Now add a rfc2307 user. Then rejoin DC2
>>>>> whereupon it should now replicate your uidNumber.
>>>>> HTH
>>>>> Steve
>>>> Hi, totally agree, plus I thought that you didn't actually have the
>>>> required objectclasses & attributes in your schema, just adding
>>>> ypServ30.ldif will not add them.
>>>> Rowland
>>> Hi
>>> Oh dear. I had assumed that ypServ.ldif was the schema extension that
>>> gave rfc2307 back in the 2003-2003R2 days. This puts yet another slant
>>> on it. Phew!
>>> Cheers,
>>> Steve
>> Hi Steve, No, adding ypServ30.ldif is a bit like adding the
>> automount.ldif, you need the right objectClasses & attributes in the
>> schema first. If you are interested, you will find ypServ30.ldif in
>> /usr/local/samba/share/setup/, but from my investigations, it does not
>> seem to be the full ldif that Windows added.
>> It would seem that to get the UNIX attributes tab to show in ADUC, you
>> need to be running Windows server 2003R2 (aka Samba4) and have
>> ypServ30.ldif installed (aka SFU 3.5 or whatever they are calling it
>> this week)
>> Rowland
> Hi Rowland
> Thanks. Got it now.
> OK, so I think that the OP needs the schema extension ldif that adds the
> posixAccount objectClass and related attributes. Do we have that? I
> don't think anyone has been here before.
> Cheers,
> Steve
Yes, if the OP doesn't have the posix bits in his schema, he needs to 
somehow add them. You can dump the schema and I offered to let him have 
a copy of mine, at which point he would have to dump his and then 
compare it with mine and then add what is in mine and not in his, then 
add ypServ30.ldif, even then I am not 100% sure it will work.

I do not know if you noticed, but it would seem he started with 2000, 
raised it to 2003 and then added the samba4 machine (I think, but I am 
losing track now)

Oh, and it's the posixAccount auxiliary objectClass ;-) (I added this to 
annoy Stephane)
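
The compare step described in the message above (dump both schemas, then list what the reference has and the other lacks), as an added example that is not part of the original message or of Samba. It assumes both schemas have already been dumped to LDIF text; the function names and the two sample dumps are hypothetical and constructed, and the script only reads, it never touches sam.ldb.

```python
import base64
# Constructed sample dumps, not real exports; the DC components are placeholders.
BASE = "CN=Schema,CN=Configuration,DC=example,DC=com"
REFERENCE = f"""\
dn: CN=uidNumber,{BASE}
objectClass: attributeSchema
lDAPDisplayName: uidNumber

dn: CN=PosixAccount,{BASE}
objectClass: classSchema
lDAPDisplayName: posixAcc
 ount

dn: CN=User,{BASE}
objectClass: classSchema
lDAPDisplayName: user
"""
TARGET = f"""\
dn: CN=User,{BASE}
objectClass: classSchema
lDAPDisplayName: user
"""

def parse_ldif(text):
    """Yield one {lower-cased attribute: [values]} dict per LDIF entry."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if entry:
            yield entry

def schema_names(text):  # schema object kind -> set of lDAPDisplayName values
    names = {"attributeSchema": set(), "classSchema": set()}
    for entry in parse_ldif(text):
        for kind in names:
            if kind in entry.get("objectclass", []):
                names[kind].update(entry.get("ldapdisplayname", []))
    return names

def missing_from(target, reference):  # in the reference dump, absent from target
    ref, tgt = schema_names(reference), schema_names(target)
    return {kind: sorted(ref[kind] - tgt[kind]) for kind in ref}
```

Calling `missing_from(TARGET, REFERENCE)` on the samples reports `uidNumber` and `posixAccount` as absent; names are compared exactly as written in each dump.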

