[Samba] RFC2307 attributes not being read by DC2 in 4.2.1
Andrey Repin
anrdaemon at yandex.ru
Thu Apr 23 15:24:56 MDT 2015
Greetings, Rowland Penny!
>>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>>
>> Since "winbindd" is included in this line, shouldn't also "-winbind"
>> be there? I think that when you use the normal winbind you must
>> disable the internal one.
>>
>> Could the simultaneous use of both winbinds be the cause of the
>> confusion?
> If you read what I wrote, you will see I said to replace 'winbindd' with
> 'winbind'. We are referring to samba 4.2.1, as standard this uses the
> separate 'winbindd' daemon instead of the 'winbind' built into the samba
> daemon.
> If using the old 'winbind' cures the OP problem, then there is a problem
> in the way that a 4.2.1 DC uses the 'winbindd' daemon.
Internal AD winbind implementation doesn't care about SAM posixAccount
mappings in sam.ldb - it reads the RFC2307 mappings from idmap.ldb, whereas
member servers read the maps from SAM.
This creates a nice clash of UIDs between DC and members, even worse - it
creates a clash between idmap and sam on the DC.
I'm right now trying to conceive a plan to solve this crap.
--
With best regards,
Andrey Repin
Friday, April 24, 2015 00:22:11
Sorry for my terrible english...
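
One way to check a DC for the clash described in the message above, as an added example that is not part of the original post: it compares the ID each SID gets from sam.ldb with the one it gets from idmap.ldb. The LDIF records are constructed sample data, and the assumptions are that both databases were exported as LDIF text with SIDs printed as strings and that the ID attributes are uidNumber (sam.ldb) and xidNumber (idmap.ldb).

```python
# Added illustration; the LDIF below is constructed sample data, not real output.
# Assumption: SIDs are printed as strings and the ID attributes are
# uidNumber (sam.ldb) and xidNumber (idmap.ldb).
SAM_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-1104
uidNumber: 10001

dn: CN=bob,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-1105
uidNumber: 10002

dn: CN=carol,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-1106
"""
IDMAP_LDIF = """\
dn: CN=S-1-5-21-1111-2222-3333-1104
objectSid: S-1-5-21-1111-2222-3333-1104
xidNumber: 3000017

dn: CN=S-1-5-21-1111-2222-3333-1105
objectSid: S-1-5-21-1111-2222-3333-1105
xidNumber: 10002

dn: CN=S-1-5-21-1111-2222-3333-1106
objectSid: S-1-5-21-1111-2222-3333-1106
xidNumber: 10001
"""

def parse_ldif(text, id_attr):
    """Return {sid: id} for records carrying both objectSid and id_attr."""
    ids = {}
    for record in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        if "objectSid" in attrs and id_attr in attrs:
            ids[attrs["objectSid"]] = int(attrs[id_attr])
    return ids

def compare(sam, idmap):
    """Find SIDs whose two mappings differ, and IDs shared by different SIDs."""
    mismatched = sorted(s for s in sam if s in idmap and sam[s] != idmap[s])
    owner = {uid: sid for sid, uid in sam.items()}
    collisions = sorted((xid, owner[xid], sid) for sid, xid in idmap.items()
                        if xid in owner and owner[xid] != sid)
    return mismatched, collisions

if __name__ == "__main__":
    sam, idmap = parse_ldif(SAM_LDIF, "uidNumber"), parse_ldif(IDMAP_LDIF, "xidNumber")
    mismatched, collisions = compare(sam, idmap)
    for sid in mismatched:
        print(f"{sid}: sam.ldb uidNumber={sam[sid]} idmap.ldb xidNumber={idmap[sid]}")
    for xid, sam_sid, idmap_sid in collisions:
        print(f"ID {xid}: {sam_sid} in sam.ldb, {idmap_sid} in idmap.ldb")
```

A collision is the case that matters for file access: the same numeric ID resolves to one account where the mapping comes from sam.ldb and to a different account where it comes from idmap.ldb.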