[Samba] samba 4.2.1 copy idmap...and problems with bi-directional sysvolsync.

Rowland Penny rowlandpenny at googlemail.com
Tue Apr 28 09:08:45 MDT 2015


On 28/04/15 15:58, L.P.H. van Belle wrote:
> Hai,
>   
> I'm trying to get my IDs for the administrator groups on both servers the same.
>   
> with 4.1.17 the solution was simple..
> we stop samba on both servers.
> scp /var/lib/samba/private/idmap.ldb root@192.168.0.2:/var/lib/samba/private/
>   
> started samba, and the IDs were the same.
>   
> I'm using winbindd now with samba 4.2.1
> but...
>   
> DC1:  id administrator
> uid=0(root) gid=100(users) groups=0(root),100(users),3000004(group policy creator owners),3000006(enterprise admins),
> 3000008(domain admins),3000007(schema admins),3000005(denied rodc password replication group),3000009(BUILTIN\users),
> 3000000(BUILTIN\administrators)
>
> id administrator
> uid=0(root) gid=100(users) groups=0(root),100(users),3000011(group policy creator owners),3000010(enterprise admins),
> 3000007(domain admins),3000009(schema admins),3000008(denied rodc password replication group),3000001(BUILTIN\users),
> 3000000(BUILTIN\administrators)
>
> see the differences here..
>   
> What am I missing..
> Because of this the bi-directional sysvol sync does not work OK !!
>   
> config used :
> # Global parameters
> [global]
>          workgroup = BAZRTD
>          realm = ROTTERDAM.BAZUIN.NL
>          netbios name = RTD-DC2
>          server role = active directory domain controller
>          server services = -dns
>   
>          idmap_ldb:use rfc2307 = yes
>          idmap config * :backend = tdb
>          idmap config * :range = 2000-9999
>          idmap config BAZRTD : backend = ad
>          idmap config BAZRTD : range = 10000-3999999
>   
>          winbind nss info = rfc2307
>          winbind trusted domains only = no
>          winbind use default domain = yes
>
>   
> Greetz,
>   
> Louis

Hi Louis,

Well, this line is missing:

    idmap config BAZRTD:schema_mode = rfc2307

but does adding those lines to an AD DC actually work? It didn't seem
to make any difference when I tried it on an rc candidate for 4.2.

You seem to be hitting the same problem that an OP on the technical
mailing list had; he appeared to cure it by using winbind instead of
winbindd.

Rowland
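
Added example, not part of the original posts: a Python sketch that parses the two `id administrator` outputs quoted above and reports group names whose numeric ID differs, plus numeric IDs that resolve to different groups on each host, the mismatch Louis reports as breaking the sysvol sync. The function names are hypothetical, and the second (unlabelled) output is assumed to come from the other DC.

```python
import re

# The two `id administrator` outputs quoted in the thread, line breaks joined.
# Raw strings keep the backslash in BUILTIN\users literal.
DC1 = (r"uid=0(root) gid=100(users) groups=0(root),100(users),"
       r"3000004(group policy creator owners),3000006(enterprise admins),"
       r"3000008(domain admins),3000007(schema admins),"
       r"3000005(denied rodc password replication group),"
       r"3000009(BUILTIN\users),3000000(BUILTIN\administrators)")
# Assumption: the unlabelled second output is from the other DC.
OTHER = (r"uid=0(root) gid=100(users) groups=0(root),100(users),"
         r"3000011(group policy creator owners),3000010(enterprise admins),"
         r"3000007(domain admins),3000009(schema admins),"
         r"3000008(denied rodc password replication group),"
         r"3000001(BUILTIN\users),3000000(BUILTIN\administrators)")

ENTRY = re.compile(r"(\d+)\(([^)]*)\)")  # matches e.g. 3000008(domain admins)


def parse_groups(id_output):
    """Return {group name: numeric id} from the groups= field of `id` output."""
    _, sep, groups = id_output.partition("groups=")
    if not sep:
        raise ValueError("no groups= field in id output")
    return {name: int(xid) for xid, name in ENTRY.findall(groups)}


def mismatched_names(a, b):
    """Group names known to both hosts whose numeric id differs."""
    return {n: (a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n]}


def reused_ids(a, b):
    """Numeric ids both hosts use, but for different group names."""
    inv_a = {i: n for n, i in a.items()}
    inv_b = {i: n for n, i in b.items()}
    return {i: (inv_a[i], inv_b[i])
            for i in inv_a.keys() & inv_b.keys() if inv_a[i] != inv_b[i]}


if __name__ == "__main__":
    a, b = parse_groups(DC1), parse_groups(OTHER)
    for name, (x, y) in sorted(mismatched_names(a, b).items()):
        print(f"name  {name!r}: {x} on DC1, {y} on the other DC")
    for xid, (n1, n2) in sorted(reused_ids(a, b).items()):
        print(f"id    {xid}: {n1!r} on DC1, {n2!r} on the other DC")
```

The second list is the one to check before copying sysvol with numeric ownership preserved: an ACL entry for 3000008 means domain admins on DC1 but the denied RODC password replication group on the other host.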

