[Samba] GID mappings of built-in groups when addin additional dc

Achim Gottinger achim at ag-web.biz
Sun Oct 2 10:44:52 UTC 2016

Am 02.10.2016 um 12:24 schrieb Rowland Penny via samba:
> On Sun, 2 Oct 2016 11:45:15 +0200
> Achim Gottinger via samba <samba at lists.samba.org> wrote:
>> Am 02.10.2016 um 08:20 schrieb Trenta sis via samba:
>>> Hi,
>>> I have a samba 4.4.5 AD domain and is working perfect, but now I
>>> need to add a second samba 4 AD, I have found that in
>>> https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory
>>> is detailed the correct steps, my question is about step related
>>> with winbind (tdbbackup) builtin groups, appears a message "*NOTE:
>>> Only do this if you are running a version of Samba before 4.2.0 or
>>> are using the built-in winbind.*" but I'm not sure if in my
>>> environment I have to make this step.
>>> I have installed and configured samba 4.4.5 from sources and only
>>> added
>>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member#libnss_winbind
>>> https://wiki.samba.org/index.php/Libnss_winbind_links
>>> In my environment is needed tdbbackup when you adds second dc?
>>> Thanks
>> The step "GID mapping of build-in groups" is still required with
>> 4.4.5, no matter if you use winbind or winbindd.
> This is no longer required on any supported version of Samba, you just
> need to run 'samba-tool ntacl sysvolreset'
> Rowland
We discussed this a while back, back then you did not have the time to 
compare your rsync setup.

It is still required if you do not want to run sysvolreset after each 
rsync of the sysvol folders.

More information about the samba mailing list