[Samba] Validate Ids Multiple DC

L.P.H. van Belle belle at bazuin.nl
Fri Jan 29 08:59:24 UTC 2016


If you add the "not" supported winbind options from the member also to the DCs, then you will have the same resulting uid on all servers. 

Officially not supported, but it has worked for more than a year here.
( sernet samba 4.2.7 on debian wheezy ) 

This is my addition to the smb.conf on the DC.
        ## map ids from outside the domain to tdb files.
        idmap config * : backend = tdb
        idmap config * : range = 2000-9999
        ## map ids from the domain; this range and the (*) range must not overlap!
        idmap config NTDOMAIN : backend = ad
        idmap config NTDOMAIN : schema_mode = rfc2307
        idmap config NTDOMAIN : range = 10000-3999999

        # Use home directory and shell information from AD
        winbind nss info = rfc2307

        winbind trusted domains only = no
        winbind use default domain = yes
        winbind expand groups = 4


Greetz, 

Louis



> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Mueller
> Sent: Friday, 29 January 2016 9:21
> To: 'Carlos A. P. Cunha'; samba at lists.samba.org
> Subject: Re: [Samba] Validate Ids Multiple DC
> 
> You can try to do it with the unix tab in rsat on the master dc (as I did).
> Both DCs have the same ids.
> On your member servers this will be mapped by winbind(d)
> EX:
> 
> [root at s4master ~]# id tester
> uid=90000(TPLK\tester) gid=100(users) Gruppen=100(users),3000051(TPLK\TerminalServer User),3000027(TPLK\Dienstplan),3000028(TPLK\Direktionv),3000048(TPLK\Schreiben),3000045(TPLK\pflege),3000038(TPLK\orbis),3000023(TPLK\agfa),3000033(TPLK\HS3)
> 
> [root at s4slave ~]# id tester
> uid=90000(TPLK\tester) gid=100(users) Gruppen=100(users),3000051(TPLK\TerminalServer User),3000027(TPLK\Dienstplan),3000028(TPLK\Direktionv),3000048(TPLK\Schreiben),3000045(TPLK\pflege),3000038(TPLK\orbis),3000023(TPLK\agfa),3000033(TPLK\HS3)
> 
> winbind(d) mapping the same ids on 2 member servers:
> [root at centclust1 ~]# id tester
> uid=1606(tester) gid=1013(domain users) Gruppen=1013(domain users),1619(dienstplan),1625(hs3),1640(schreiben),1615(agfa),1637(pflege),1643(terminalserver user),1630(orbis),1620(direktionv),4000001(BUILTIN\users)
> 
> 
> [root at centclust2 ~]# id tester
> uid=1606(tester) gid=1013(domain users) Gruppen=1013(domain users),1615(agfa),1619(dienstplan),1625(hs3),1630(orbis),1637(pflege),1640(schreiben),1643(terminalserver user),1620(direktionv),100001(BUILTIN\users)
> 
> 
> EDV Daniel Müller
> 
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> 
> 
> 
> 
> -----Original Message-----
> From: Carlos A. P. Cunha [mailto:carlos.hollow at gmail.com]
> Sent: Friday, 29 January 2016 00:43
> To: samba at lists.samba.org
> Subject: [Samba] Validate Ids Multiple DC
> 
> Hello!
> I have 2 Samba 4 servers (4.3.3) as VC and another Samba 4 (4.3) as
> file server. Until now all is OK, but I have one doubt: how can I validate
> that the domain IDs of the users are identical on both servers? Is there a
> simple way to do this validation?
> I wanted to make sure it is a DC die fileserver has to go 100%.
> Thank you
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 

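Added example, not part of the thread and not Samba project code: one way to automate the `id tester` comparison shown in the quoted reply, so that group order and the localized `Gruppen=` label do not hide or fake a difference. The function names `numeric_ids` and `compare_ids`, the host names `dc1`/`dc2`, and the shortened sample lines are assumptions made for this example.

```shell
#!/bin/sh
# numeric_ids: reduce one line of `id` output to "uid=N gid=N groups=N,N,...".
# Names are dropped and group ids sorted, so group order and a localized
# label ("Gruppen=" instead of "groups=") do not count as differences.
numeric_ids() {
    flat=$(printf '%s\n' "$1" | sed -E 's/\([^)]*\)//g')
    set -f; set -- $flat; set +f    # $1 uid=N  $2 gid=N  $3 <label>=N,N,...
    sorted=$(printf '%s\n' "${3#*=}" | tr ',' '\n' | sort -n | paste -sd, -)
    printf '%s %s groups=%s\n' "$1" "$2" "$sorted"
}

# compare_ids: stdin carries one line per host, "<host> <id output>".
# Prints each host's numeric ids and returns 1 if any host differs from
# the first one, 0 if all hosts agree.
compare_ids() {
    ref=''; rc=0
    while read -r host rest; do
        cur=$(numeric_ids "$rest")
        : "${ref:=$cur}"            # the first host is the reference
        [ "$cur" = "$ref" ] || rc=1
        printf '%-12s %s\n' "$host" "$cur"
    done
    return "$rc"
}

# Constructed samples, shortened from the `id tester` output quoted above.
SAMPLE_DCS='s4master uid=90000(TPLK\tester) gid=100(users) Gruppen=100(users),3000051(TPLK\TerminalServer User),3000027(TPLK\Dienstplan)
s4slave uid=90000(TPLK\tester) gid=100(users) groups=100(users),3000027(TPLK\Dienstplan),3000051(TPLK\TerminalServer User)'
SAMPLE_MEMBERS='centclust1 uid=1606(tester) gid=1013(domain users) Gruppen=1013(domain users),1619(dienstplan),4000001(BUILTIN\users)
centclust2 uid=1606(tester) gid=1013(domain users) Gruppen=1013(domain users),1619(dienstplan),100001(BUILTIN\users)'

# Live use (dc1 and dc2 are placeholder host names):
#   for h in dc1 dc2; do printf '%s ' "$h"; ssh "$h" id tester; done | compare_ids
printf '%s\n' "$SAMPLE_DCS" | compare_ids && echo 'DCs: ids match'
printf '%s\n' "$SAMPLE_MEMBERS" | compare_ids || echo 'members: ids differ'
```

In the quoted member-server output the gid of `BUILTIN\users` is 4000001 on centclust1 and 100001 on centclust2; that is the kind of difference `compare_ids` reports with a non-zero exit status.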



