[Samba] Validate Ids Multiple DC
Rowland penny
rpenny at samba.org
Mon Feb 1 18:35:11 UTC 2016
On 01/02/16 17:41, Carlos A. P. Cunha wrote:
> Hello!
> And my DCs now the station Ids equal, in my Fileserver this way:
>
> DC01:
> wbinfo -i userteste01
> SERVERAD \ userteste01: *: 3000367: 100: userteste01: / home /
> SERVERAD / userteste01: / bin / false
>
> DC02:
> wbinfo -i userteste01
> SERVERAD \ userteste01: *: 3000367: 100: userteste01: / home /
> SERVERAD / userteste01: / bin / false
>
> My Fileserver:
> wbinfo -i userteste01
> userteste01: *: 13121: 5513: userteste01: / home / SERVERAD /
> userteste01: / bin / false
>
> My smb.conf the Fileserver
>
> [global]
>
> netbios name = FILESERVER
> workgroup = SERVERAD
> #security = domain
> #client schannel = no
> security = ADS
>
> realm = INTERNO.MYDOMAIN.COM
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
>
> idmap config *: backend = tdb
> idmap config *: range = 5000-16777216
> idmap config SERVERAD: backend = rid
> idmap config SERVERAD: range = 5000-33554431
> idmap_ldb: use RFC2307 = Yes
>
Sorry, but that will not work, the idmap ranges *must not* overlap.
Why don't you try the settings on the Samba wiki domain member page, you
will need to alter your uidNumber & gidNumber attributes in AD to start
from 10000, but the smb.conf on the wiki page is known to work, I know
because it's mine and is running on the laptop I am typing this on.
Rowland
> winbind nss info = RFC2307
> winbind trusted domains only = on
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = Yes
>
> vfs objects = acl_xattr
> map acl inherit = Yes
> store the attributes = Yes
>
>
> I'm having doubts that way would have problems? and another on the
> config idmap I'm with means values "suspicious"?
>
> Thanks,
>
More information about the samba
mailing list