[Samba] Validate Ids Multiple DC

Carlos A. P. Cunha carlos.hollow at gmail.com
Fri Jan 29 15:42:18 UTC 2016 

Hello!
No, the first DC was a migration of a Win Server 2003, and the second DC 
Samba only.

Yes, but already I posted the smb new post.

smb.conf

# Global parameters
[global]
workgroup = SERVERAD
realm = mydomain
netbios name = DC-LINUX1 (and DC-LINUX2)
server role = active directory domain controller
passdb backend = samba_dsdb
server services = s3fs, rpc, nbt, wrepl, ldap, CLDAP, kdc, drepl, 
winbindd, ntp_signd, kcc, dnsupdate

map archive = No
map readonly = no
store the attributes = Yes
vfs objects = dfs_samba4 acl_xattr
idmap_ldb: use RFC2307 = yes
kerberos method = system keytab
client ldap sasl wrapping = sign
allow DNS updates = nonsecure and secure
nsupdate command = / usr / bin / nsupdate -g

## Map id's to outside domain to tdb files.
idmap config *: backend = tdb
idmap config *: range = 2000-9999
### Map IDs from the domain and (*) the range may not overlap!
idmap config SERVERAD: backend = ad
idmap config SERVERAD: schema_mode = RFC2307
idmap config SERVERAD: range = 10000-3999999

## Use home directory and shell information from AD
winbind nss info = RFC2307

winbind trusted domains only = on
winbind use default domain = yes
winbind expand groups = 4

# Disable Cups
load printers = no
printing = bsd
printcap name = / dev / null
spoolss disable = yes

DC-LINUX1

id userproxy01
uid = 3000370 (SERVERAD \ userproxy01) gid = 100 (users) groups = 100 
(users), 3000370 (SERVERAD \ userproxy01), 3,000,001 (BUILTIN \ users)

getent passwd userproxy01
SERVERAD \ userproxy01: *: 3000370: 100: userproxy01: / home / SERVERAD 
/ userproxy01: / bin / false

DC-LINUX2

id userproxy01
uid = 3000036 (SERVERAD \ userproxy01) gid = 100 (users) groups = 100 
(users), 3000036 (SERVERAD \ userproxy01), 3,000,001 (BUILTIN \ users)

getent passwd userproxy01
SERVERAD \ userproxy01: *: 3000036: 100: userproxy01: / home / SERVERAD 
/ userproxy01: / bin / false

Em 29-01-2016 13:34, Rowland penny escreveu:
> On 29/01/16 15:26, Carlos A. P. Cunha wrote:
>> At first no, but I find it strange tere different ids...
>
>
> Can you post your smb.conf.
>
> Have you given any of your users & groups a uidNumber or gidNumber ?
> How many DCs have you ?
>
> Rowland
>
>>
>> Please if you can have your sm.conf would help.
>>
>
>

More information about the samba mailing list