[Samba] idmap & migration to rfc2307

Rowland Penny rowlandpenny at googlemail.com
Thu Jun 11 12:32:33 MDT 2015


On 11/06/15 18:21, Jonathan Hunter wrote:
> Yup, strange - right!
>
> Samba 4.2.2
>
> RFC2307 attributes were added as follows:
> # sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g'  \
>        -e 's/${NETBIOSNAME}/MYDOMAIN/g'              \
>        -e 's/${NISDOMAIN}/MYDOMAIN/g'                \
>        /usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif
> # service samba4 stop
> # ldbmodify -H /usr/local/samba/private/sam.ldb ypServ30-JMH.ldif \
>        --option="dsdb:schema update allowed"=true
> Modified 55 records successfully
> # service samba4 start
>
> I have been allocating a UID for users, and a GID for groups, via RSAT
> ADUC; that's it - just used the next number in sequence. For users, I
> have been setting the primary group to "Domain Users" (which has had a
> GID allocated via ADUC)
>
> On DC2 (which nobody logs in to interactively), no issues.
>
> On DC1 (which has files and people log in to via ssh), I have issues.
>
> On 11 June 2015 at 18:07, Rowland Penny <rowlandpenny at googlemail.com> wrote:
>> On 11/06/15 17:26, Jonathan Hunter wrote:
>>> (to clarify, in case people are skimming this thread and think it is
>>> fixed..) The problem still occurs - id mappings are still being
>>> overwritten.. :(
>>
>> OK, this is very strange. What version of Samba, and how are you adding the
>> RFC2307 attributes? Also, what RFC2307 attributes are you adding?
>>
>> Rowland

Have you checked that your users actually have uidNumber attributes?
What OS are you using?
Do you have the winbind links in place?

If you run 'getent passwd adomainuser', does it print anything?

If you run the command on the other DC, do you get the same result?

The 3000007 ID number you refer to is an xidNumber from idmap.ldb and
is created by Samba. Nothing else, as far as I am aware, will alter
idmap.ldb, though there are a couple of files you can check for:

gencache_notrans.tdb
gencache.tdb

If they exist, delete them and then restart Samba. Do this on both DCs.

Rowland
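
The first checks asked for above (does each user have a uidNumber, and does `getent passwd` return that same number) can be run side by side on each DC. This is an added example, not part of the original thread or of Samba: `check_idmap` and `sample_report` are hypothetical names, the input files are assumed to be saved `ldbsearch` output (sAMAccountName and uidNumber per user) and saved `getent passwd` lines, and the sample data is constructed.

```shell
#!/bin/sh
# check_idmap LDIF PASSWD: compare uidNumber stored in AD with what NSS returns.
#   LDIF   = saved ldbsearch output for user objects (sAMAccountName, uidNumber)
#   PASSWD = saved `getent passwd <user>` lines for the same accounts
check_idmap() {
    awk -F': ' '
        function save() {
            if (name != "") { ad[name] = uid; order[++n] = name }
            name = ""; uid = ""
        }
        # passwd lines: "DOMAIN\user:*:UID:GID:..." (domain prefix optional)
        !ldif {
            split($0, f, ":"); u = tolower(f[1]); sub(/^.*\\/, "", u)
            nss[u] = f[3]; next
        }
        # LDIF: records separated by blank lines, "#" lines are comments
        /^$/ { save(); next }
        /^#/ { next }
        $1 == "sAMAccountName" { name = tolower($2) }
        $1 == "uidNumber"      { uid = $2 }
        END {
            save()
            for (i = 1; i <= n; i++) {
                u = order[i]
                if (ad[u] == "")          print u, "MISSING"
                else if (!(u in nss))     print u, "UNRESOLVED ad=" ad[u]
                else if (nss[u] != ad[u]) print u, "MISMATCH ad=" ad[u] " nss=" nss[u]
                else                      print u, "OK"
            }
        }
    ' "$2" ldif=1 "$1"
}

# Constructed sample data (not taken from the systems in this thread).
sample_report() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# record 1' 'dn: CN=alice,CN=Users,DC=example,DC=test' \
        'sAMAccountName: alice' 'uidNumber: 10001' '' \
        '# record 2' 'dn: CN=bob,CN=Users,DC=example,DC=test' \
        'sAMAccountName: bob' 'uidNumber: 10002' '' \
        '# record 3' 'dn: CN=carol,CN=Users,DC=example,DC=test' \
        'sAMAccountName: carol' > "$d/users.ldif"
    printf '%s\n' 'EXAMPLE\alice:*:10001:10000::/home/alice:/bin/bash' \
        'EXAMPLE\bob:*:3000007:100::/home/bob:/bin/bash' > "$d/passwd.txt"
    check_idmap "$d/users.ldif" "$d/passwd.txt"
    rm -rf "$d"
}
```

A MISMATCH line where the NSS value is an xidNumber such as 3000007 is the symptom described in this thread; running the same comparison on both DCs shows whether only one of them is affected.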




