[Samba] Rights issue on GPO
lingpanda101 at gmail.com
lingpanda101 at gmail.com
Mon Jun 20 17:49:45 UTC 2016
On 6/20/2016 1:19 PM, lists wrote:
> Hi all,
>
> Following this thread with interest, as we are also having some issues
> with GPO (they work on and off, unpredictably)
> We checked iddap.ldb on the DCs and noticed differences between DCs.
>
> We would like to ask some questions:
>
> On 10-6-2016 9:26, Rowland penny wrote:
>> Well, it is and it isn't, yes winbindd will display the user & group
>> names for sysvol, but sysvol still isn't replicated between DCs. I think
>> this means that when you sync sysvol manually, you will get the ID's
>> from the first DC applied to sysvol on the second DC and if there is a
>> difference in ID numbers between the DC's, you will either just get a
>> number or, even worse, a wrong name returned.
>>
>> I could be wrong, but I still think you need to keep idmap.ldb in sync
>> on all DCs, if you are syncing sysvol.
>
> We are on sernet-samba-4.4.4 on the DCs, and "winbindd -D" is running
> on DCs.
>
> We understand we need to keep idmap.ldb in sync. We did this in the
> past, but it seems they have gotten out of sync again.
> One question: HOW OFTEN do we need to do manually sync the imap.ldb
> files? After each and every regular user addition/deletion?
>
> We are currently on sernet-4.4.4 on the 3 DCs, but on our fileserver
> we are still on samba 4.2.11 and sssd. Would that last bit have any
> impact on the GPO situation..? (i don't think so, because GPOs are on
> the DCs and not on the fileserver..?)
>
> Since our idmap.ldb differs per DC, HOW to choose which one to copy to
> the other DCs? Choosing wrongly will probably have major implications..?
>
> Sorry to ask so many questions, hopefully someone will answer.
>
> Best regards,
> MJ
>
Mine are also out of sync. Using Samba 4.4.4 on Ubuntu 12.04. I no
longer keep the idmap.ldb in sync as I thought this was no longer needed
since version 4.2 or greater unless using winbind.
I also never would reset sysvol on the other DC's when replicating using
rsync. I don't believe it was ever in the wiki. Clarification from
someone would be helpful.
--
-James
More information about the samba
mailing list