[Samba] Mixed Samba4 and 3.6 uids/gids

Rowland Penny rowlandpenny at googlemail.com
Mon Dec 22 14:48:17 MST 2014

On 22/12/14 21:35, William Ross wrote:
> On 22/12/14 19:04, Rowland Penny wrote:
>> On 22/12/14 17:22, Denis Cardon wrote:
>>> Hi William,
>>>> I have an AD domain (Samba 4.1.13 domain controllers) and some Samba
>>>> 3.6 clients.
>>>> I would like the uid/gid mappings to be consistent across the two
>>>> sets of machines.
>>> By the way, samba 3.6 is going end of life pretty soon (see the recent
>>> 4.2RC3 release notes), you should upgrade your 3.6 domain members to
>>> samba4 too.
>>> Cheers,
>>> Denis
>> Hi, what you are saying Denis is true as far as it goes, but the OP also
>> needs to add the required RFC2307 attributes (uidNumber, gidNumber) to the
>> user & group objects.
>> Rowland
> Does upgrading the member servers to Samba 4 mean they can share the uid/gid
> mapping the Samba 4 DCs are currently using?

Samba 4 is just the next version after 3.6.x and as such works pretty
much like 3.6.x (though there are slight parameter differences).
I am pretty sure that there is no way to get the same ID numbers on
member servers as on the DC without using RFC2307 attributes.

> According to https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> I would still need to use:
> idmap config DOMAIN : backend = ad
> for a member server even under Samba 4. Which would mean I would need to
> populate the uid/gid attributes within AD.
> At present, presumably my Samba4 DCs are storing a mapping in the .ldb/.tdb
> files in /usr/local/samba/private (hidden from AD). Is there no way to use
> the same mapping on a member server?

No, the real reason for idmap.ldb is to store IDs for the BUILTIN
well-known SIDs; it also maps users & groups as well. This setup is not
used on member servers.

You could do what the Samba wiki advises, only use the DC for 


