[Samba] Rights issue on GPO

lists lists at merit.unu.edu
Tue Jun 21 11:09:55 UTC 2016

Hi Achim,

> Looks like on DC4 3000300 is mapped to an computer account for "proxmox".
> On DC2/DC32 3000009 should map to S-1-5-18 (Local System) and 3000300
> S-1-5-11 (Autheticated Users).
> These are both Security groups which do not resolv via winbindd so they
> can not be mapped. (you may add manual mapping via the --groupmap on
> your rsync commandline).
> I assume you can delete the mapping for 3000300 on dc4 and change the
> mapping for  S-1-5-11 to 3000300 (and S-1-5-18 to 3000009 if that id is
> not used by something else) in idmap.ldb on DC4. After an cache flush
> sync things should work again.

I took a backup of the dc4 kvm, and followed the procedure on the wiki 
to copy the idmap.ldb from DC2 to DC4. (a bit more drastical, but it 
seems to have worked out also)

Then YOUR sysvol sync method, over ssh, and now the permissions look 
good on DC4.



More information about the samba mailing list