[Samba] posix gid mapping of built-in groups

Henrik Langos hlangos-samba at innominate.com
Mon Jun 23 05:32:42 MDT 2014

Hi Louis,

Thank you for the link. I've seen your scripts before and it was on my 
todo list to check it out and maybe even update the wiki
with a reference to it: https://wiki.samba.org/index.php/SysVol_Replication

However, my problem arises from not having Windows AD groups mapped to 
the same posix uidnumber on all AD DCs, not from having changes made on 
different DCs.

Is there a down side to providing posix gid numbers to all AD built-in 
Does anybody have experience with that approach?


On 06/20/14 09:58, L.P.H. van Belle wrote:
> Hai,
> I suggest try my script or if you not on ubuntu/debian read the script and adapt it to your os.
> Maybe this works for you with the winbind setup, i dont know but you can try it.
> Im using this now for about 1 month without problems, and i can change GPO settings on any DC now.
> https://secure.bazuin.nl/scripts/3-setup-sysvol-bidirectional.sh
> Best regards,
> Louis
>> -----Oorspronkelijk bericht-----
>> Van: hlangos-samba at innominate.com
>> [mailto:samba-bounces at lists.samba.org] Namens Henrik Langos
>> Verzonden: vrijdag 20 juni 2014 9:52
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] sysvol replication and posix uid / gid mapping
>> Hi,
>> I just found out the hard way that sysvol replication with
>> rsync stoped
>> working when I activated winbind (libnss-winbind actually) on
>> my primary
>> AD DC.
>> Originally I hadn't planed to activate winbind on the primary AD DC
>> since that machine was not meant to provide any shares.
>> What I hadn't thought of was the fact that GPOs reside as files on the
>> sysvol share and thus are subject to the same rules as any
>> other files.
>> Now I activated winbind and those files now belong to a non-numeric
>> group and rsync complains.
>> Maybe a hint in that regard on
>> https://wiki.samba.org/index.php/SysVol_Replication would be nice.
>> What is the best practice in regard to all those groups like "Domain
>> Admins" "Printer Operators" and so on?
>> Should those get posix uid/gid numbers? Could somebody point me in the
>> right direction?
>> Thanks
>> -henrik
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list