[Samba] UID/GID -> SID -> NAME mapping across multiple DCs

Taylor Hammerling thammerling at tcsbasys.com
Fri Dec 15 19:24:05 UTC 2017


Apologies, despite that error, the permissions now look good on the sysvol
folder.

Is there anything I need to do moving forward to keep my DCs' idmap.ldbs in
sync? Or is this a one-time thing?

On Fri, Dec 15, 2017 at 1:16 PM, Taylor Hammerling <thammerling at tcsbasys.com> wrote:

> OK, I followed the directions on that wiki page, made a hot backup, copied
> the hot backup over to the new DC, renamed the hot backup (thus replacing
> the existing idmap.ldb) and ran "samba-tool ntacl sysvolreset" and it spat
> out the following after a minute or 2 of thinking...
>
> root at dc1 samba/private# samba-tool ntacl sysvolreset
> open: error=2 (No such file or directory)
> ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The requested operation was unsuccessful.')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239, in run
>     lp, use_ntvfs=use_ntvfs)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1609, in setsysvolacl
>     set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1514, in set_gpos_acl
>     passdb=passdb)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1477, in set_dir_acl
>     setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
>   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in setntacl
>     smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
> root at dc1 samba/private#
>
>
> Please note, DC2 is the DC that has the correct GID mappings, DC1 does
> not, so I'm copying from DC2 to DC1.
>
> On Fri, Dec 15, 2017 at 1:08 PM, Taylor Hammerling <thammerling at tcsbasys.com> wrote:
>
>> Thanks!
>>
>> On Fri, Dec 15, 2017 at 1:03 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:
>>
>>> On Fri, 15 Dec 2017 11:56:25 -0600
>>> Taylor Hammerling <thammerling at tcsbasys.com> wrote:
>>>
>>> > Interesting... How do I go about getting them/keeping them in sync?
>>> >
>>>
>>> see here:
>>>
>>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_Groups_GID_Mappings
>>>
>>> Rowland
>>>



-- 
*Taylor Hammerling* |  *IT Manager*
2800 Laura Lane | Middleton, WI 53562
*O *(608) 669-9070 *| C *(608) 512-7849
tcsbasys.com | ubiquistat.com
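
Added example (not part of the original thread, and not Samba project code): a check for the kind of mapping drift discussed above, comparing SID to xidNumber mappings of two DCs from LDIF text in the shape `ldbsearch -H idmap.ldb` prints. The function names and sample records are constructed for illustration; DC2 is taken as the reference, as in the thread.

```python
# Added example: find SID -> xidNumber drift between two DCs' idmap.ldb dumps.
# Assumption: input is LDIF in the shape `ldbsearch -H idmap.ldb` prints.

def parse_idmap_ldif(text):
    """Return {sid: (xidNumber, type)} for each sidMap record in the LDIF."""
    mappings = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # ldbsearch comments and non-attribute lines
            key, value = line.split(": ", 1)
            attrs[key] = value.strip()
        sid = attrs.get("objectSid") or attrs.get("cn")
        # The CN=CONFIG record (allocation range) is not a sidMap; skip it.
        if attrs.get("objectClass") == "sidMap" and sid and "xidNumber" in attrs:
            mappings[sid] = (int(attrs["xidNumber"]), attrs.get("type", ""))
    return mappings

def idmap_drift(reference, other):
    """Return (sid, problem, reference_value, other_value) rows, sorted by SID."""
    drift = []
    for sid in sorted(set(reference) | set(other)):
        ref, oth = reference.get(sid), other.get(sid)
        if ref is None:
            drift.append((sid, "only on other DC", None, oth))
        elif oth is None:
            drift.append((sid, "missing on other DC", ref, None))
        elif ref != oth:
            drift.append((sid, "mismatch", ref, oth))
    return drift

def _sample(pairs):
    """Build constructed LDIF for illustration (not real DC data)."""
    rec = ("# record\ndn: CN={0}\nobjectClass: sidMap\nobjectSid: {0}\n"
           "type: ID_TYPE_BOTH\nxidNumber: {1}")
    config = ("dn: CN=CONFIG\ncn: CONFIG\nlowerBound: 3000000\n"
              "upperBound: 4000000\nxidNumber: 3000003")
    return "\n\n".join([rec.format(s, x) for s, x in pairs] + [config])

DC2_LDIF = _sample([("S-1-5-32-544", 3000000), ("S-1-5-32-549", 3000001),
                    ("S-1-5-11", 3000002)])   # reference DC
DC1_LDIF = _sample([("S-1-5-32-544", 3000001), ("S-1-5-32-549", 3000000)])

if __name__ == "__main__":
    for row in idmap_drift(parse_idmap_ldif(DC2_LDIF), parse_idmap_ldif(DC1_LDIF)):
        print(row)
```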

