[Samba] posix gid mapping of built-in groups
hlangos-samba at innominate.com
Mon Jun 23 05:32:42 MDT 2014
Thank you for the link. I've seen your scripts before and it was on my
todo list to check it out and maybe even update the wiki
with a reference to it: https://wiki.samba.org/index.php/SysVol_Replication
However, my problem arises from not having Windows AD groups mapped to
the same posix uidnumber on all AD DCs, not from having changes made on
Is there a down side to providing posix gid numbers to all AD built-in
Does anybody have experience with that approach?
On 06/20/14 09:58, L.P.H. van Belle wrote:
> I suggest try my script or if you not on ubuntu/debian read the script and adapt it to your os.
> Maybe this works for you with the winbind setup, i dont know but you can try it.
> Im using this now for about 1 month without problems, and i can change GPO settings on any DC now.
> Best regards,
>> -----Oorspronkelijk bericht-----
>> Van: hlangos-samba at innominate.com
>> [mailto:samba-bounces at lists.samba.org] Namens Henrik Langos
>> Verzonden: vrijdag 20 juni 2014 9:52
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] sysvol replication and posix uid / gid mapping
>> I just found out the hard way that sysvol replication with
>> rsync stoped
>> working when I activated winbind (libnss-winbind actually) on
>> my primary
>> AD DC.
>> Originally I hadn't planed to activate winbind on the primary AD DC
>> since that machine was not meant to provide any shares.
>> What I hadn't thought of was the fact that GPOs reside as files on the
>> sysvol share and thus are subject to the same rules as any
>> other files.
>> Now I activated winbind and those files now belong to a non-numeric
>> group and rsync complains.
>> Maybe a hint in that regard on
>> https://wiki.samba.org/index.php/SysVol_Replication would be nice.
>> What is the best practice in regard to all those groups like "Domain
>> Admins" "Printer Operators" and so on?
>> Should those get posix uid/gid numbers? Could somebody point me in the
>> right direction?
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba