[Samba] samba 4.2.1 copy idmap...and problems with bi-directional sysvolsync.

L.P.H. van Belle belle at bazuin.nl
Tue Apr 28 08:58:22 MDT 2015

Im try to get my id for administrator groups on both server the same. 
with 4.1.17 the solution was simple.. 
we stop samba on both servers. 
scp /var/lib/samba/private/idmap.ldb root at
started samba, and the id's where the same. 
Im using winbindd now with samba 4.2.1 
DC1:  id administrator
uid=0(root) gid=100(users) groups=0(root),100(users),3000004(group policy creator owners),3000006(enterprise admins),
3000008(domain admins),3000007(schema admins),3000005(denied rodc password replication group),3000009(BUILTIN\users),

id administrator
uid=0(root) gid=100(users) groups=0(root),100(users),3000011(group policy creator owners),3000010(enterprise admins),
3000007(domain admins),3000009(schema admins),3000008(denied rodc password replication group),3000001(BUILTIN\users),

see the differences here.. 
What am i missing.. 
Because of this the bi-directional sysvol sync does not works ok !! 
config used : 
# Global parameters
        workgroup = BAZRTD
        realm = ROTTERDAM.BAZUIN.NL
        netbios name = RTD-DC2
        server role = active directory domain controller
        server services = -dns
        idmap_ldb:use rfc2307 = yes
        idmap config * :backend = tdb
        idmap config * :range = 2000-9999
        idmap config BAZRTD : backend = ad
        idmap config BAZRTD : range = 10000-3999999
        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes


More information about the samba mailing list