[Samba] samba 4.2.1 copy idmap...and problems with bi-directional sysvolsync.

L.P.H. van Belle belle at bazuin.nl
Wed Apr 29 01:30:34 MDT 2015


Hai Rowland / Andrey, 


That.. was a stupid one to miss.. 
That was because it was checking against the defaults of samba, forgot to put that one back..
And yes, tested it also with, and I'm noticing the same. (different IDs) 
So.. back to winbind... and now the IDs are the same again.. 

thanks. . 

And Andrey, I'm using my sysvol scripts to set it up. 
Have a look here: https://secure.bazuin.nl/scripts/ 

New version 1.0.5 for: 3-setup-sysvol-bidirectional.sh 

Last changes:
# 2015-02-24: 1.0.4: corrected the mixed up of PATH and BASE in line 97 ( now really no more double sysvol )
# 2015-04-29: 1.0.5: added extra copy of idmap.ldb, to make sure the uids/gids on both servers are correct.
#                    samba 4.2.1 did complain about wrong uid/gids in the sync.
#                    copy of sysvol did not always work, fixed it,
#                    removed the copy of sysvol on dc2, due to above fixed not needed anymore.
#                    added notification, when using samba 4.2 and winbindd, which is not supported, due to different ids
#                    even when idmap.ldb is copied.
#

Greetz, 

Louis



>-----Original message-----
>From: Andrey Repin [mailto:anrdaemon at yandex.ru] 
>Sent: Tuesday, 28 April 2015 22:16
>To: L.P.H. van Belle; samba at lists.samba.org
>Subject: Re: [Samba] samba 4.2.1 copy idmap...and problems with bi-directional sysvolsync.
>
>Greetings, L.P.H. van Belle!
>
>> I'm trying to get my id for administrator groups on both servers the same.
>>  
>> With 4.1.17 the solution was simple.. 
>> We stop samba on both servers. 
>> scp /var/lib/samba/private/idmap.ldb root@192.168.0.2:/var/lib/samba/private/
>>  
>> Started samba, and the IDs were the same. 
>>  
>> I'm using winbindd now with samba 4.2.1 
>> but... 
>>  
>> DC1:  id administrator
>> uid=0(root) gid=100(users) groups=0(root),100(users),3000004(group policy creator owners),3000006(enterprise admins),3000008(domain admins),3000007(schema admins),3000005(denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)
>
>> id administrator
>> uid=0(root) gid=100(users) groups=0(root),100(users),3000011(group policy creator owners),3000010(enterprise admins),3000007(domain admins),3000009(schema admins),3000008(denied rodc password replication group),3000001(BUILTIN\users),3000000(BUILTIN\administrators)
>
>Louis... welcome to my everyday nightmare for the past month.
>
>> See the differences here.. 
>>  
>> What am I missing.. 
>> Because of this the bi-directional sysvol sync does not work OK !! 
>
>How exactly are you syncing it?
>  
>> config used : 
>> # Global parameters
>> [global]
>>         workgroup = BAZRTD
>>         realm = ROTTERDAM.BAZUIN.NL
>>         netbios name = RTD-DC2
>>         server role = active directory domain controller
>>         server services = -dns
>>  
>>         idmap_ldb:use rfc2307 = yes
>>         idmap config * :backend = tdb
>>         idmap config * :range = 2000-9999
>>         idmap config BAZRTD : backend = ad
>>         idmap config BAZRTD : range = 10000-3999999
>>  
>>         winbind nss info = rfc2307
>>         winbind trusted domains only = no
>>         winbind use default domain = yes
>
>Aside from "idmap config <DOMAIN> : schema_mode = rfc2307" pointed out by Rowland,
>make sure you don't have overlapping UIDs in idmap and SAM.
>
>
>-- 
>With best regards,
>Andrey Repin
>Tuesday, April 28, 2015 23:13:15
>
>Sorry for my terrible English...
>
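
An added example, not part of the thread or of Louis's scripts: a Python check that parses the two `id administrator` outputs quoted above and reports which groups map to different gids and which gids name different groups on each side. The outputs are embedded as constructed sample input with the mail wrapping joined; the `DC1`/`DC2` labels and the function names are assumptions (the second output is unlabeled in the mail).

```python
import re

# Constructed sample input: the two `id administrator` outputs from the mail,
# mail line-wrapping joined. The second output is unlabeled there; "DC2" is assumed.
DC1 = ("uid=0(root) gid=100(users) groups=0(root),100(users),"
       "3000004(group policy creator owners),3000006(enterprise admins),"
       "3000008(domain admins),3000007(schema admins),"
       "3000005(denied rodc password replication group),"
       "3000009(BUILTIN\\users),3000000(BUILTIN\\administrators)")
DC2 = ("uid=0(root) gid=100(users) groups=0(root),100(users),"
       "3000011(group policy creator owners),3000010(enterprise admins),"
       "3000007(domain admins),3000009(schema admins),"
       "3000008(denied rodc password replication group),"
       "3000001(BUILTIN\\users),3000000(BUILTIN\\administrators)")

ENTRY = re.compile(r"(\d+)\(([^)]*)\)")  # gid(name); names may hold spaces or '\'


def parse_groups(id_output):
    """Return {group name: gid} from the groups= field of `id` output."""
    match = re.search(r"groups=(.*)", id_output)
    if match is None:
        raise ValueError("no groups= field in id output")
    return {name: int(gid) for gid, name in ENTRY.findall(match.group(1))}


def diff_mappings(a, b):
    """Compare two {name: gid} maps.

    drift:      {name: (gid_a, gid_b)} - same group, different gid
    collisions: {gid: (name_a, name_b)} - same gid, different group
    """
    drift = {n: (a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n]}
    gid_a = {g: n for n, g in a.items()}
    gid_b = {g: n for n, g in b.items()}
    collisions = {g: (gid_a[g], gid_b[g])
                  for g in gid_a.keys() & gid_b.keys() if gid_a[g] != gid_b[g]}
    return drift, collisions


if __name__ == "__main__":
    drift, collisions = diff_mappings(parse_groups(DC1), parse_groups(DC2))
    for name, (x, y) in sorted(drift.items()):
        print(f"DRIFT      {name}: DC1={x} DC2={y}")
    for gid, (x, y) in sorted(collisions.items()):
        print(f"COLLISION  gid {gid}: DC1={x!r} DC2={y!r}")
```

The collisions matter most for any file-level sysvol copy that carries numeric IDs across: in the quoted outputs gid 3000008 is "domain admins" on one side and "denied rodc password replication group" on the other.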


