[Samba] two domain members, different groupIDs
Stefan G. Weichinger
lists at xunil.at
Thu Jun 22 08:12:41 UTC 2017
Observation:
2 sambas, ADS-member servers
one is Debian, samba-4.2.14
2nd is Gentoo, samba-4.5.10
1)
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
idmap config mydomain:schema_mode = rfc2307
idmap config mydomain:range = 10000-99999
idmap config mydomain:backend = rid
idmap config *:range = 2000-9999
idmap config * : backend = tdb
# wbinfo --group-info=domänen-benutzer
domänen-benutzer:x:10513:
2)
winbind use default domain = Yes
idmap config * : range = 10001-20000
idmap config domain : backend = rid
idmap config domain : range = 10000-20000
idmap config domain : base_rid = 0
idmap config * : backend = tdb
# wbinfo --group-info=domänen-benutzer
domänen-benutzer:x:10008:
I understand/assume that the different idmap configs might cause the
mismatch in the mapped(?) groupids.
Can I fix that without breaking things?
On which server?
... oh my, I checked a 3rd one for reference:
# wbinfo --group-info=domänen-benutzer
domänen-benutzer:x:10027:
:-(
More information about the samba
mailing list