[Samba] UID/GID -> SID -> NAME mapping across multiple DCs

Taylor Hammerling thammerling at tcsbasys.com
Fri Dec 15 19:16:51 UTC 2017 

ok, I followed the directions on that wikipage, made a hot backup, copied
the hot backup over to the new DC, renamed the hot backup (thus replacing
the existing idmap.ldb) and ran "samba-tool ntacl sysvolreset" and it spat
out the following after a minute or 2 of thinking...

root at dc1 samba/private# samba-tool ntacl sysvolreset
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The
requested operation was unsuccessful.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239,
in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
1609, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
1514, in set_gpos_acl
    passdb=passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line
1477, in set_dir_acl
    setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs,
skip_invalid_chown=True, passdb=passdb, service=service)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in
setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP |
security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
root at dc1 samba/private#


Please note, DC2 is the DC that has the correct GID mappings, DC1 does not,
so I'm copying from DC2 to DC1.

On Fri, Dec 15, 2017 at 1:08 PM, Taylor Hammerling <thammerling at tcsbasys.com
> wrote:

> Danke!
>
> On Fri, Dec 15, 2017 at 1:03 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Fri, 15 Dec 2017 11:56:25 -0600
>> Taylor Hammerling <thammerling at tcsbasys.com> wrote:
>>
>> > Interesting... How do I go about getting them/keeping them in sync?
>> >
>>
>> see here:
>>
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Ex
>> isting_Active_Directory#Built-in_Groups_GID_Mappings
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
>
> --
> *Taylor Hammerling* |  *IT Manager*
> 2800 Laura Lane | Middleton, WI 53562
> *O *(608) 669-9070 *| C *(608) 512-7849
> tcsbasys.com | ubiquistat.com
>



-- 
*Taylor Hammerling* |  *IT Manager*
2800 Laura Lane | Middleton, WI 53562
*O *(608) 669-9070 *| C *(608) 512-7849
tcsbasys.com | ubiquistat.com

More information about the samba mailing list