[Samba] Validate Ids Multiple DC
Carlos A. P. Cunha
carlos.hollow at gmail.com
Mon Feb 1 19:12:45 UTC 2016
Okay, but my great doubt, the problems that have different Ids?
thank you
Em 01-02-2016 16:35, Rowland penny escreveu:
> On 01/02/16 17:41, Carlos A. P. Cunha wrote:
>> Hello!
>> And my DCs now the station Ids equal, in my Fileserver this way:
>>
>> DC01:
>> wbinfo -i userteste01
>> SERVERAD \ userteste01: *: 3000367: 100: userteste01: / home /
>> SERVERAD / userteste01: / bin / false
>>
>> DC02:
>> wbinfo -i userteste01
>> SERVERAD \ userteste01: *: 3000367: 100: userteste01: / home /
>> SERVERAD / userteste01: / bin / false
>>
>> My Fileserver:
>> wbinfo -i userteste01
>> userteste01: *: 13121: 5513: userteste01: / home / SERVERAD /
>> userteste01: / bin / false
>>
>> My smb.conf the Fileserver
>>
>> [global]
>>
>> netbios name = FILESERVER
>> workgroup = SERVERAD
>> #security = domain
>> #client schannel = no
>> security = ADS
>>
>> realm = INTERNO.MYDOMAIN.COM
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>>
>>
>> idmap config *: backend = tdb
>> idmap config *: range = 5000-16777216
>> idmap config SERVERAD: backend = rid
>> idmap config SERVERAD: range = 5000-33554431
>> idmap_ldb: use RFC2307 = Yes
>>
>
> Sorry, but that will not work, the idmap ranges *must not* overlap.
>
> Why don't you try the settings on the Samba wiki domain member page,
> you will need to alter your uidNumber & gidNumber attributes in AD to
> start from 10000, but the smb.conf on the wiki page is known to work,
> I know because it's mine and is running on the laptop I am typing this
> on.
>
> Rowland
>
>> winbind nss info = RFC2307
>> winbind trusted domains only = on
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind refresh tickets = Yes
>>
>> vfs objects = acl_xattr
>> map acl inherit = Yes
>> store the attributes = Yes
>>
>>
>> I'm having doubts that way would have problems? and another on the
>> config idmap I'm with means values "suspicious"?
>>
>> Thanks,
>>
>
>
More information about the samba
mailing list