[Samba] Problems with GPO

Rowland Penny rpenny at samba.org
Mon Nov 7 08:58:18 UTC 2016 

On Mon, 7 Nov 2016 09:41:33 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Looking at you config setup, i noticed a few things. 
> 
>  
> 
> DC1. 
> 
> /etc/resolv.conf
> domain empresa.com.br
> search empresa.com.br
> nameserver 192.168.200.25   (=dc1)
> nameserver 192.168.200.10
> 
>  
> 
> /etc/resolv.conf
> domain empresa.com.br
> search empresa.com.br
> nameserver 192.168.200.4   (dc=2)
> nameserver 192.168.200.10
> 
>  
> 
>  
> 
> /etc/resolv.conf
> domain empresa.com.br
> search empresa.com.br
> nameserver 192.168.200.25
> nameserver 192.168.200.10
> 
>  
> 
> I suggest you change you DC resolv.conf setup first and change the
> following. 
> 
>  
> 
> DC1. 
> 
> nameserver 192.168.200.4
> 
> nameserver 192.168.200.25 
> 
>  
> 
> DC2
> 
> nameserver 192.168.200.25
> 
> nameserver 192.168.200.4
> 
>  
> 
> Fileserver 
> 
> nameserver 192.168.200.4
> 
> nameserver 192.168.200.25
> 
>  
> 
>  
> 
> and to make sure run this script, to check on database replication
> errors. 
> 
> http://downloads.van-belle.nl/samba4/samba-check-db-repl.sh 
> 
> This compaires the samba AD DC databases. ( up to 10 DC.s ) 
> 
> Its no need to configure anything in the script. 
> 
>  
> 
> And based on you config below i guessing you AD DC servers are runing
> backend RID and the file server backend AD.
> 

No he isn't, there is no such thing as 'rid' backend on a DC.

A DC uses the xidNumbers in 'idmap.ldb' OR uidNumber & gidNumber
attributes in AD. No IDs are calculated on an AD DC

> A mixed setup is, as far as I know not supported. 
> 
>  
> 
> Please reread :
> 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Setting_up_the_AD_DNS_back_end 
> 
> start and the second blue part after ?Provisioning a Samba Active
> Directory?  
> 
> ..... 
> 
> However, to enable them in an existing domain requires to manually
> extend the AD schema. For further details about Unix attributes in
> AD, see:: 
> *	Setting up RFC2307 in AD 
> *	idmap config = ad 
> 

Never add the above line to the smb.conf on a DC, it will do
NOTHING!
 
Rowland

More information about the samba mailing list