[Samba] Samba 4 two DCs no matching UID/GID

steve steve at steve-ss.com
Thu Dec 11 15:53:25 MST 2014

On 11/12/14 23:35, Rowland Penny wrote:
> On 11/12/14 22:15, Tim wrote:
>> Thanks Steve,
>> I will have a look at it. I think it's important to sync the idmap.ldb
>> limits because in case of a crash of the schema master DC another DC
>> must be seized and may not reassign already used ids in rfc2307 for
>> new users or groups.
>> On 11 December 2014 23:07:06 CET, steve <steve at steve-ss.com> wrote:
>>> On 11/12/14 22:50, Tim wrote:
>>>> It will transfer the ids of idmap.ldb of the schema master DC into
>>>> the rfc2307. All secondary DCs will replicate this by DRS.
>>>> All I'm missing is to get the max uid/gid out of idmap.ldb
>>> The limits are held at:
>>> dn: CN=CONFIG
>>> But you told us that you had gone with rfc2307. In which case nothing
>>> new will be written there, so that is no use to you.
>>> Please post your non ADUC method anyway.
>>> Cheers,
>>> Steve
> I have to see this non ADUC method for setting rfc2307 attributes, I
> think the OP is altering idmap.ldb, something that has **NO** rfc2307
> attributes in it.
> Rowland
We think the biggest setback to date is the misconception that new users 
are written to the idmap db. You could store the users there, even if 
you have rfc2307 specified as the OP has, but you still need to transfer 
them to the ad db to be replicated.

BTW, the OP's nss is with sssd. Do we have sssd.conf?

I think we're close to nailing this one now.
