[Samba] Samba 4 two DCs no matching UID/GID

Rowland Penny rowlandpenny at googlemail.com
Thu Dec 11 05:20:21 MST 2014


On 11/12/14 11:44, rintimtim at gmx.net wrote:
> Thanks for your advice regarding modifying the ldb. Before I do that I have to tell you that uids and gids are automatically assigned in the ADUC Unix tab.
>
> All I have to do is to choose the NIS domain. After changing this field all other Unix attributes are automatically filled in. So this works.

Hmm, seems that I assumed too much, yes you have to select your domain 
before the rest shows in the tab.

>
> I tried something different for testing:
>
> I added a user with samba-tool using a script and assigned a random (based on date) number for uid:
> Script add-ad-user:
> samba-tool user create $1 --uid-number=$(date +%H%M%S)
>
> Calling the script add-ad-user test1
>
> Something interesting happens: The random uid is assigned to that user in rfc2307. Both DCs have this same uid when I do "wbinfo -i test1". The Unix tab of ADUC remains empty.

Yes, this is what is supposed to happen, the empty unix tab could be one 
of two things, either you need to select your domain in the tab, or more 
likely, your user doesn't have enough attributes, ADUC would have added 
*all* of these:

uid
msSFU30Name
msSFU30NisDomain
uidNumber
gidNumber
loginShell
unixHomeDirectory
unixUserPassword

The last one would be set to 'ABCD!efgh12345$67890'

> I added "add user script = /path/to/script/add-ad-user %u" to smb.conf in global section but unfortunately it doesn't work. I guess due to the server's role of AD Controller.

No, I don't think that will work with AD.

>
> If a domain is provisioned with rfc2307 it seems to me just a small step of setting uid in rfc2307 when a user or group is created by ADUC. Something for Samba Devs?

It just needs the creation of the 'msSFU30MaxUidNumber' & 
'msSFU30MaxGidNumber' attributes, but just what number do you start from 
? Windows uses '10000', but what if samba has been upgraded from an S3 
NT4 PDC via classicupgrade, the highest ID number could be higher (or 
lower) than 10000. No, I think that what we have at the moment is 
probably right, let the sysadmin choose how to keep a record of the last 
id number used.

Rowland


> Thanks
> Tim
>
>
>
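
Added example, not part of the original thread and not Samba's own code: one way for a sysadmin to derive the next ID from what is already in the directory (taking the Windows default of 10000 as a floor) and to produce an ldbmodify record carrying the eight attributes listed in the reply. The user `alice`, the DNs, the NIS domain `example`, the sam.ldb path, the login shell, the home directory and the search output are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data and DNs are constructed.

# Constructed stand-in for the output of:
#   ldbsearch -H /path/to/sam.ldb '(uidNumber=*)' uidNumber
sample_search() {
    cat <<'EOF'
# record 1
dn: CN=olduser,CN=Users,DC=example,DC=com
uidNumber: 20317

# record 2
dn: CN=test2,CN=Users,DC=example,DC=com
uidNumber: 10004
EOF
}

# next_id FLOOR: read ldbsearch-style output on stdin and print the next free
# ID: one above the highest uidNumber in use, but never below FLOOR.
next_id() {
    awk -v floor="$1" '
        $1 == "uidNumber:" && $2 ~ /^[0-9]+$/ { if ($2 + 0 > max) max = $2 + 0 }
        END { n = max + 1; if (n < floor) n = floor; print n }'
}

# rfc2307_ldif DN USER NISDOMAIN UID GID: print an ldbmodify record adding the
# eight attributes listed in the reply. Shell and home path are assumptions.
rfc2307_ldif() {
    dn=$1 user=$2 nis=$3 uid=$4 gid=$5
    # Refuse values that could smuggle extra LDIF lines or attributes.
    case $user$nis in ''|*[!A-Za-z0-9._-]*) echo "bad name" >&2; return 1 ;; esac
    case $uid$gid in ''|*[!0-9]*) echo "bad id" >&2; return 1 ;; esac
    printf 'dn: %s\nchangetype: modify\n' "$dn"
    for pair in "uid=$user" "msSFU30Name=$user" "msSFU30NisDomain=$nis" \
                "uidNumber=$uid" "gidNumber=$gid" "loginShell=/bin/bash" \
                "unixHomeDirectory=/home/$user" \
                'unixUserPassword=ABCD!efgh12345$67890'; do
        printf 'add: %s\n%s: %s\n-\n' "${pair%%=*}" "${pair%%=*}" "${pair#*=}"
    done
}

# Demo: allocate from the constructed search output with 10000 as the floor.
new_uid=$(sample_search | next_id 10000)
rfc2307_ldif "CN=alice,CN=Users,DC=example,DC=com" alice example "$new_uid" 10000
```

Because the highest ID is read back from the directory, a classicupgrade database whose IDs sit above or below 10000 is handled without a separate counter.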


