[Samba] Second DC doesn't recognize users/groups on getent

Sketch smblist at rednsx.org
Tue Oct 13 15:12:40 UTC 2015


On Tue, 13 Oct 2015, Guilherme Boing wrote:

> I was looking into this issue because I was doing the sysvol replication
> and noticed that the sysvol path had a '300000' as the group owner on DC2,
> where on DC1 30000 translates to 'BUILTIN\administrators'.
>
> DC1:
> drwxrwx---+ 3 root BUILTIN\administrators     31 Ago 24 08:01 sysvol
>
> DC2:
> drwxrwx---+ 3 root 3000000     31 Aug 24 08:02 sysvol
>
> (SELinux is disabled btw)
>
> Not sure if this is going to break anything or not.

I'm not sure if it will actually break anything; I believe it will just 
cause spurious warnings in group policy editor (this was the only ill 
effect I actually observed).  It's because the built-in group IDs are not 
synchronized between DCs.  The wiki describes how to manually copy them 
from one DC to any others to fix this problem:

https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory#GID_mappings_of_built-in_groups





