[Samba] idmap woes after upgrade

Tim ODriscoll tim.odriscoll at lambrookschool.co.uk
Sat May 27 12:15:46 UTC 2017

On 27 May 2017 12:45:
On Sat, 27 May 2017 11:02:36 +0000
Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote:
> The other lines never did anything on a DC.
Thank you, I've removed them now.

> Unless you manually add uidNumber attributes to users and gidNumber
> attributes to groups, id mapping on a DC is done in idmap.ldb and
> results in ID numbers in the 3000000 range.
My add_user script keeps track of uidNumbers and makes sure they're unique.

> If you rely on idmap.ldb for your ID mappings, you will need to keep
> idmap.ldb in sync on both DCs, otherwise you are very likely to get
> different user & group IDs on each DC. This is only a concern if you
> use the DCs as a fileserver.
I do use the DCs as fileservers using glusterfs, but I only map one DC's share keeping the other as a cold-spare. I'd like to improve that so that I can hot-swap the logon scripts to make users map shares on different servers.

This is the last piece now - getting the uids showing up on the file system so I can use usernames instead of uidNumbers. I can add idmap.ldb syncing into my add_user script, but at the moment the filesystem is showing uids from uidNumber, not the xidNumber in idmap.ldb. Which way is correct?

> You also mentioned [homes], this does not work on a DC, see here:
Thank you - I missed that. I've now got my 'users' share working and I can see my files!

> When you upgraded Samba, did libnss_winbind.so get upgraded as well ?
Yes, I believe it did. I've done the 'ldconfig -v | grep winbind' and then checked the timestamp of libnss_winbind.so and it's recent.

Thank you very much for your input,
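
The quoted advice about keeping idmap.ldb in sync on both DCs, as an added example that is not part of the original message or of Samba itself: a check that compares SID-to-xidNumber mappings from two DCs and reports drift, including the case where one ID number belongs to different SIDs on each DC (which changes who owns files on shared storage). It assumes each DC's idmap.ldb has been exported to LDIF (for example with ldbsearch) as records carrying objectSid, type and xidNumber; the sample records and function names are constructed for illustration.

```python
# Added example. The LDIF below is constructed sample data in the shape of
# sidMap records (objectSid / type / xidNumber); it is not from the poster's DCs.
DC1_LDIF = """\
dn: CN=S-1-5-32-544
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

dn: CN=S-1-5-21-1111-2222-3333-1104
objectSid: S-1-5-21-1111-2222-3333-1104
type: ID_TYPE_BOTH
xidNumber: 3000020
"""
# Second DC: same SID got a different ID, and 3000020 went to another SID.
DC2_LDIF = DC1_LDIF.replace("xidNumber: 3000020", "xidNumber: 3000021") + """
dn: CN=S-1-5-21-1111-2222-3333-1106
objectSid: S-1-5-21-1111-2222-3333-1106
type: ID_TYPE_UID
xidNumber: 3000020
"""

def parse_idmap_ldif(text):
    """Return {sid: (type, xidNumber)}; records are separated by blank lines."""
    out = {}
    for block in text.split("\n\n"):
        rec = dict(l.split(": ", 1) for l in block.splitlines()
                   if ": " in l and not l.startswith("#"))
        if "objectSid" in rec and "xidNumber" in rec:
            out[rec["objectSid"]] = (rec.get("type"), int(rec["xidNumber"]))
    return out

def diff_idmaps(a, b):
    """Return [(sid, on_a, on_b)] for SIDs missing on one DC or mapped differently."""
    return [(s, a.get(s), b.get(s)) for s in sorted(set(a) | set(b))
            if a.get(s) != b.get(s)]

def xid_collisions(a, b):
    """Return {xid: [sids]} where one ID number is held by different SIDs.
    Simplification: the mapping type (UID/GID/BOTH) is ignored here."""
    owners = {}
    for mapping in (a, b):
        for sid, (_, xid) in mapping.items():
            owners.setdefault(xid, set()).add(sid)
    return {x: sorted(s) for x, s in owners.items() if len(s) > 1}

if __name__ == "__main__":
    dc1, dc2 = parse_idmap_ldif(DC1_LDIF), parse_idmap_ldif(DC2_LDIF)
    for sid, on1, on2 in diff_idmaps(dc1, dc2):
        print(f"DRIFT {sid}: DC1={on1} DC2={on2}")
    print("COLLISIONS", xid_collisions(dc1, dc2))
```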

