[Samba] Samba 4 two DCs no matching UID/GID

steve steve at steve-ss.com
Tue Dec 9 23:52:32 MST 2014 

On 09/12/14 23:49, Tim wrote:
> But will this idmap.ldb change work for upcoming new users or groups so that uid/gid will not be different?
Hi
No. You have specified rfc2307 so the DC expects the uidNumber and 
gidNumber attributes to be stored under the DN of your users and groups. 
You can do this easily when you create the objects with samba-tool. If 
you have some already, add the attributes using ldbedit. You will also 
need to adjust where your nss information. We have already tried to help 
you with this, but you have not replied. It is very difficult for us to 
help you with the information you have supplied as e need to make 
several guesses as to what you have done.
Cheers,
Steve

>
> The wiki tells us about built-in groups. Those have the right ids.
>
>
>
> Am 9. Dezember 2014 23:03:44 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>:
>> On 09/12/14 21:07, Tim wrote:
>>> Hello all,
>>>
>>> I have a fresh install of two CentOS 7 machines. On DC1 I made a
>> domain provision with --use-rfc2307. In DC2 I made a join as DC - both
>> exactly as the wiki advised.
>>>
>>> In fact of its missing I added the idmap use rfc2307 yes parameter to
>> smb.conf.
>>>
>>> I will have an extra share on both DCs.
>>>
>>> Today I realized, that wbinfo shows different UID/GID for the same
>> users or groups on the DC's.
>>>
>>> I created the users/groups via RSAT. I don't have a Unix attributes
>> tab in RSAT. Is that my problem for different uid/gid?
>>>
>>> Thanks in advance
>>> Tim
>>
>> Hi, I think your problem is that idmap.ldb does not replicate to the
>> new
>> DC, this means that users get different UID's on the two DC's.
>>
>> If you run:
>>
>> ldbedit -e nano -H /var/lib/samba/private/idmap.ldb
>>
>> on each DC, you will be able to see the differences.
>>
>> The cure ? copy idmap.ldb from the first DC to any secondary DC's after
>>
>> the join.
>>
>> It is documented here:
>> https://wiki.samba.org/index.php/Join_a_domain_as_a_DC , near the
>> bottom
>> of the page.
>>
>> Rowland
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list