[Samba] Question about samba 4 member server of a pure Windows AD
stephane.purnelle at corman.be
Mon Aug 3 08:27:51 UTC 2015
I haven't tried.
My current configuration is rfc2307, and it works fine.
But if I must replace my AD DC with another AD DC (not managed by me and not
using rfc2307), my question was: what can I do?
The rid backend is not a solution, because I have too many ACLs to apply on
files and directories (> 1Tb of data).
So the answer is: the newer AD DC must use rfc2307.
From: Sébastien Le Ray <sebastien-samba at orniz.org>
To: Stéphane PURNELLE <stephane.purnelle at corman.be>,
samba at lists.samba.org,
Date: 03/08/2015 10:17
Subject: Re: [Samba] Question about samba 4 member server of a pure Windows
What you're trying to do is mixing RID and rfc2307. This is not possible.
I've the same kind of issue here (Samba 3 migrated DC with samba unix
users created in the same range as regular unix users), but still use
rfc2307 so I can renumber users one by one as follows:
Save old uid (1000-2000 range)
Give a new one (10000+ range)
Launch a command like this (multiple -e are possible) on every unix computer:
find . | while read -r file; do getfacl "$file" | sed -e "s,user:olduid:,user:newuid:," | setfacl --set-file=- "$file"; done
Wait for user support ticket escalation :-)
If your Windows AD does not use rfc2307, you can switch to rid but then
you'll have to perform the whole ACL change at once (since rfc2307 allows
me to choose UID I can perform the changes smoothly along time).
On 03/08/2015 09:43, Stéphane PURNELLE wrote:
An account created with samba3/ldap (created before 2014-02-20):
uidNumber : 1108
An account created with Users and computers (samba 4 AD DC):
uidNumber : 10023
My current config (in file-server):
idmap config XXXXXX:backend = ad
idmap config XXXXXX:schema_mode = rfc2307
idmap config XXXXXX:range = 1005-40000
If I apply the RID backend:
ID = RID - BASE_RID + LOW_RANGE_ID.
For the first account:
3216 - 0 + 1005 = 4221 => bad, must be 1108
For the latest created account:
5878 - 0 + 1005 = 6883 => bad, must be 10023
If the generated uidNumber is not the same as the actual uidNumber, I will lose my
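The following is an added example, not code posted by either participant. It computes the rid-backend ID with the formula quoted above and remaps the numeric `user:` entries of a `getfacl -n` dump in a single pass, so an ID that was just assigned is never rewritten again by another rule, which can happen with chained `sed -e` expressions. The function names, the map-file format ("old new" per line) and the third sample account are assumptions; group entries are left untouched.

```shell
#!/bin/sh
# Added example: idmap rid formula from the thread plus a one-pass ACL remap.

# ID = RID - BASE_RID + LOW_RANGE_ID
rid_to_id() {  # usage: rid_to_id RID BASE_RID LOW_RANGE_ID
    echo $(( $1 - $2 + $3 ))
}

# Read "uidNumber RID" lines on stdin, print "old_uid new_uid" lines.
build_map() {  # usage: build_map BASE_RID LOW_RANGE_ID
    while read -r uid rid; do
        echo "$uid $(rid_to_id "$rid" "$1" "$2")"
    done
}

# Rewrite numeric user entries of a `getfacl -n` dump read from stdin.
# Every entry is looked up exactly once, so 1108 -> 4221 is not remapped
# again by a separate 4221 -> ... rule. MAPFILE must not be empty.
remap_acl() {  # usage: remap_acl MAPFILE
    awk -F: -v OFS=: '
        NR == FNR { split($0, p, " "); map[p[1]] = p[2]; next }
        /^#/      { print; next }            # keep getfacl comment lines
        {
            q = ($1 == "default") ? 3 : 2    # position of the id field
            if ($(q - 1) == "user" && ($q in map)) $q = map[$q]
            print
        }' "$1" -
}

# Constructed demo. The first two accounts use the numbers quoted in the
# thread; the third (uidNumber 4221, RID 7000) is invented to show the
# collision case. The ACL dump is constructed as well.
demo() {
    map=$(mktemp)
    printf '%s\n' '1108 3216' '10023 5878' '4221 7000' |
        build_map 0 1005 > "$map"
    printf '%s\n' '# file: share/doc' 'user::rwx' 'user:1108:rwx' \
        'user:4221:r--' 'group:1108:r-x' 'default:user:10023:r-x' |
        remap_acl "$map"
    rm -f "$map"
}
demo
```

On a real tree the filter would sit between `getfacl -n "$file"` and `setfacl --set-file=- "$file"`, with file ownership changed separately.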