[Samba] Samba 4 Member server show different UID than Ad Server

Juan Ignacio juan.ignacio.pazos at gmail.com
Tue Jun 14 14:52:36 UTC 2016


I like the idea.

> - synchronize private/idmap.ldb across your DC at least (they all host
> Sysvol, sysvol is rsynced, here you can have issues with UID/GID). Members
> servers seem to not have that file.

But in my Domain Controller I do not find this file.

I found the file in the AD DC.

Is there any way to avoid adding UIDs to the users, or is it impossible
without doing this? There are about 300 users.

Analista Inf.
Juan Ignacio Pazos
<http://www.linkedin.com/pub/juan-ignacio-pazos-lorenzo/19/9b9/26a>

2016-06-14 7:23 GMT-03:00 mathias dufresne <infractory at gmail.com>:

> Without UID and / or GID configured in the AD database (in the LDAP tree)
> Samba would give UID / GID to users and groups when needed, and as nothing
> is written, Samba has to guess. This guessing process is called id mapping.
>
> Samba does not synchronize the generated file containing this ID map. No
> synchronization and random xIDs lead to xID inconsistency.
>
> This is not necessarily an issue: with only one DC (a config I can't
> approve) no issue: Sysvol is hosted by only one DC, no inconsistency when
> you are alone (it's when you meet people that craziness appears :). File
> servers do not normally host the same files: AD DCs are hosting Sysvol and
> NetLogon, and both these shares are not hosted on file servers, which are
> hosting other files. Different files, so no issue with rights... as long as
> you don't have to copy or move files from server to server; in that case
> it could be a mess.
>
> Solution seems to be:
> - give UID/GID to everything in AD. Your users and those in CN=BUILTIN and
> CN=Users too.
> - synchronize private/idmap.ldb across your DCs at least (they all host
> Sysvol, sysvol is rsynced, here you can have issues with UID/GID). Member
> servers seem to not have that file.
> - use "net cache flush" to clear the idmap cache on every server (members
> included). Once the cache is cleared, Winbind would need to find out what
> UID/GID to use; it should now rely on the UID:GID declared in the AD
> database and the issue should disappear.
>
> 2016-06-14 9:14 GMT+02:00 Mueller <mueller at tropenklinik.de>:
>
> > So you need to configure winbindd the right way to solve this.
> > Indeed, if you have another UID it can result in "access refused".
> > This is an issue I have tried to discuss since samba4 started, and I
> > think this should be an integrated thing in samba ads to member server
> > without having admins to bother about.
> >
> > Greetings
> > Daniel
> >
> >
> > EDV Daniel Müller
> >
> > Head of IT
> > Tropenklinik Paul-Lechler-Krankenhaus
> > Paul-Lechler-Str. 24
> > 72076 Tübingen
> > Tel.: 07071/206-463, Fax: 07071/206-499
> > eMail: mueller at tropenklinik.de
> > Internet: www.tropenklinik.de
> >
> >
> >
> >
> > -----Original Message-----
> > From: Juan Ignacio [mailto:juan.ignacio.pazos at gmail.com]
> > Sent: Monday, 13 June 2016 17:32
> > To: samba at lists.samba.org
> > Subject: [Samba] Samba 4 Member server show different UID than Ad Server
> >
> > Hello friends, I come to ask for a hand.
> >
> > I have an AD server with Samba 4.1 and added a Member Server 4.4 without
> > problems.
> >
> > The only problem I'm having is that the UID of users in the Member Server
> > are different from the AD server.
> >
> > Ad Server
> >
> > KENNEDY\florenciaelmone:*:3000679:100:Florencia Elmone Domingues:/home/KENNEDY/florenciaelmone:/bin/false
> >
> > Member Server
> >
> > florenciaelmone:*:100002:100008:Florencia Elmone Domingues:/home/KENNEDY/florenciaelmone:/bin/false
> >
> > Is there some way to resolve this?
> >
> > Thanks.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
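
A way to audit the mismatch discussed in this thread, as an added example that is not part of any poster's message: it compares `getent passwd` output captured from two hosts and lists accounts whose UID or GID differ. The sample data is constructed from the two lines quoted above plus one invented user, and the function names are hypothetical.

```python
"""Compare passwd-format listings from two hosts and report UID/GID drift."""

# Constructed sample input, modelled on the two `getent passwd` lines quoted
# in the thread (the second user is invented to show a consistent entry).
DC_PASSWD = """\
KENNEDY\\florenciaelmone:*:3000679:100:Florencia Elmone Domingues:/home/KENNEDY/florenciaelmone:/bin/false
KENNEDY\\exampleuser:*:10500:10513:Example User:/home/KENNEDY/exampleuser:/bin/false
"""
MEMBER_PASSWD = """\
florenciaelmone:*:100002:100008:Florencia Elmone Domingues:/home/KENNEDY/florenciaelmone:/bin/false
exampleuser:*:10500:10513:Example User:/home/KENNEDY/exampleuser:/bin/false
"""


def parse_passwd(text):
    """Return {lowercased account name without DOMAIN\\ prefix: (uid, gid)}."""
    ids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue  # skip blank, wrapped or malformed lines
        # Winbind may print DOMAIN\user or plain user depending on
        # "winbind use default domain"; AD account names are case-insensitive.
        name = fields[0].rsplit("\\", 1)[-1].lower()
        ids[name] = (int(fields[2]), int(fields[3]))
    return ids


def id_drift(reference, other):
    """List (name, reference_ids, other_ids) for accounts whose IDs differ
    or that are missing on one side (reported as None)."""
    drift = []
    for name in sorted(set(reference) | set(other)):
        ref, oth = reference.get(name), other.get(name)
        if ref != oth:
            drift.append((name, ref, oth))
    return drift


if __name__ == "__main__":
    for name, dc_ids, member_ids in id_drift(parse_passwd(DC_PASSWD),
                                             parse_passwd(MEMBER_PASSWD)):
        print(f"{name}: DC uid:gid={dc_ids} member uid:gid={member_ids}")
```

Running the same comparison before and after assigning UID/GID in AD and flushing the cache shows whether the drift has actually gone away on every server.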

