[Samba] WG: After Upgrade to Samba-4.3.4

Mueller mueller at tropenklinik.de
Tue Feb 9 10:55:44 UTC 2016

What I have done before updating to 4.3.4 and it was working until then.

I used the map unix tab in ADUC and gave uid and gid to all users/groups but administrator.
This worked until the update. Now the DCs mix up only!!! group ids with computer ids (security tab)

[root at s4slave exim]# getent group personal

[root at s4slave exim]# getent group reserve09$

[root at s4master ~]# getent group personal  <-----------------------------------

[root at s4master ~]#  getent group reserve09$<-----------------------------

Is there a way I can change the GID of reserve09$ back to its original?

ADUC--> Tab >>Attribute change?

IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de 

-----Original Message-----
From: Rowland penny [mailto:rpenny at samba.org] 
Sent: Tuesday, 9 February 2016 11:04
To: samba at lists.samba.org
Subject: Re: [Samba] WG: After Upgrade to Samba-4.3.4

On 09/02/16 09:26, Mueller wrote:
> Hello again,
> no idea!?
> Both my DCs are now running 4.3.4, but there is a strange behaviour,
> Ex.:
> First DC
> [root at s4master wingroup]# id maurerp
> uid=90036(TPLK\maurerp) gid=100(users) Gruppen=100(users),3000048(TPLK\schreiben),3000038(TPLK\orbis),3000023(TPLK\agfa),3000009(BUILTIN\users)
> Second DC
> [root at s4slave ~]# id maurerp
> uid=90036(TPLK\maurerp) gid=100(users) Gruppen=100(users),3000048(TPLK\aerzte08$),3000038(TPLK\reserve09$),3000023(TPLK\agfa),3000001(BUILTIN\users
> As you see group with ID 3000048 (schreiben) is mapped on the second DC:
> 3000048(TPLK\aerzte08$)
> How can I correct this issue?
> Greetings
> Daniel

This is a known problem. On a DC, users and groups are mapped via idmap.ldb; the only problem is that the idmap.ldb on the first DC is very probably not going to be the same as the idmap.ldb on the second DC, because they are not synced.

It was even worse before Samba 4.2.0, you just got numbers.

You have three choices:

1. Ignore it, but be aware that you may have problems if you try to copy a file from one DC to the other with something that ignores the owner & group and just relies on the uid & gid numbers.
2. You can copy idmap.ldb from the first DC to the second, but this would then entail changing the ownership of files on the second DC to the new uid & gidNumbers. You would also have to keep the two idmap.ldb files in sync.
3. The last choice is probably the best idea, give your users & groups uidNumber & gidNumber attributes, these would take precedence over the numbers you are using now. You would still need to change ownership of the files, but this would be a one time thing and replication would keep the two DCs in sync. You can then use ADUC to manage your users.
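
Added example (not part of the original thread, and not Samba project code): a small Python check for the drift described in the reply, where unsynced idmap.ldb files make the same GID resolve to different names on each DC. The `getent group` lines are constructed from the `id maurerp` output quoted above, and the function names are hypothetical.

```python
# Constructed sample input in `getent group` format (name:passwd:gid:members).
# The name/GID pairs are taken from the `id maurerp` output quoted in the thread.
DC1_GETENT = r"""
TPLK\schreiben:x:3000048:
TPLK\orbis:x:3000038:
TPLK\agfa:x:3000023:
BUILTIN\users:x:3000009:
"""
DC2_GETENT = r"""
TPLK\aerzte08$:x:3000048:
TPLK\reserve09$:x:3000038:
TPLK\agfa:x:3000023:
BUILTIN\users:x:3000001:
"""


def parse_getent(text):
    """Return {gid: name} from getent group output, skipping malformed lines."""
    mapping = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        mapping[int(fields[2])] = fields[0]
    return mapping


def gid_conflicts(dc1, dc2):
    """GIDs that both DCs use but resolve to different names (risky for file ownership)."""
    return {gid: (dc1[gid], dc2[gid])
            for gid in sorted(dc1.keys() & dc2.keys())
            if dc1[gid].lower() != dc2[gid].lower()}


def name_drift(dc1, dc2):
    """Names known to both DCs whose GID differs between them."""
    by_name1 = {n.lower(): g for g, n in dc1.items()}
    by_name2 = {n.lower(): g for g, n in dc2.items()}
    return {n: (by_name1[n], by_name2[n])
            for n in sorted(by_name1.keys() & by_name2.keys())
            if by_name1[n] != by_name2[n]}


if __name__ == "__main__":
    first, second = parse_getent(DC1_GETENT), parse_getent(DC2_GETENT)
    for gid, (a, b) in gid_conflicts(first, second).items():
        print(f"GID {gid}: first DC -> {a}, second DC -> {b}")
    for name, (a, b) in name_drift(first, second).items():
        print(f"{name}: GID {a} on first DC, {b} on second DC")
```

In practice the two inputs would be the saved output of `getent group` from each DC; an empty result from both functions means the DCs agree on every GID they share.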

