[Samba] Samba 4 permissions error

Rowland penny rpenny at samba.org
Thu Apr 28 17:07:35 UTC 2016

On 28/04/16 18:03, Jason Voorhees wrote:
> On Thu, Apr 28, 2016 at 2:13 AM, Rowland penny <rpenny at samba.org> wrote:
>> On 28/04/16 07:31, Mueller wrote:
>>> This is a normal behaviour if you are using several dcs. Users und groups
>>> do have another gid/uid on each server
>>> until you fix it manually. This was a hard experiennce and work even fo
>>> rme which I suggest that this should be
>>> the next goal for the samba 4 developers to solve and fix it in an easy
>>> way for the admins.
>>> In my opinion, if I run several dcs in a domain this should be done
>>> between the dcs automatically without intervention.
>>> Greetings
>>> Daniel
>>> EDV Daniel Müller
>> It isn't really a problem until you start copying files between DCs by means
>> other than Samba ones. It is very similar to using the 'rid' backend i.e.
>> Samba creates the UID , but with one big difference, the 'rid' backend
>> calculates the UID from the users RID, this way, the user should get the
>> same UID wherever the 'rid' backend is used. With idmap.ldb, the user just
>> gets the next UID available i.e. first come, first served.
>> In my opinion, the 'Well known SIDs' need to be allocated fixed IDs and then
>> winbind usage brought into line with the way a 'domain member' works.
> Now I can barely understand what the problem might be. I'll take a
> look at the wiki page to better understand what's wrong and how to fix
> it.
> I'll be back... Have a nice day :)

The fix is fairly simple, you need to copy idmap.ldb from the first DC 
to the second and then keep them in sync.


More information about the samba mailing list