[Samba] idmap woes after upgrade

Rowland Penny rpenny at samba.org
Sat May 27 12:38:19 UTC 2017


On Sat, 27 May 2017 12:15:46 +0000
Tim ODriscoll via samba <samba at lists.samba.org> wrote:

> On 27 May 2017 12:45:
> On Sat, 27 May 2017 11:02:36 +0000
> Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote:
> > The other lines never did anything on a DC.
> Thank you, I've removed them now.
> 
> > Unless you manually add uidNumber attributes to users and gidNumber
> > attributes to groups, id mapping on a DC is done in idmap.ldb and
> > results in ID numbers in the 3000000 range.
> My add_user script keeps track of uidNumbers and makes sure they're
> unique.

There are a couple of attributes in AD that you can use to do this.
 
> 
> 
> > If you rely on idmap.ldb for your ID mappings, you will need to keep
> > idmap.ldb in sync on both DCs, otherwise you are very likely to get
> > different user & group IDs on each DC. This is only a concern if you
> > use the DCs as a fileserver.
> I do use the DCs as fileservers using glusterfs, but I only map one
> DC's share keeping the other as a cold-spare. I'd like to improve
> that so that I can hot-swap the logon scripts to make users map
> shares on different servers.

OK, you only need to keep idmap.ldb in sync if you use both DCs as
fileservers or if you are using GPOs.

> 
> This is the last piece now - getting the uids showing up on the
> file system so I can use usernames instead of uidNumbers. I can add
> idmap.ldb syncing into my add_user script, but at the moment the
> filesystem is showing uids from uidNumber, not the xidNumber in
> idmap.ldb. Which way is correct?

The xidNumber attributes in idmap.ldb are created automatically, but if
the user is given a uidNumber attribute, this will always be used
instead.

Rowland
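
An added example, not part of the original message and not Samba's own code: one way to check whether idmap.ldb has drifted between two DCs is to dump it on each with ldbsearch and compare the SID to xidNumber mappings. It assumes the sidMap record layout shown in the constructed sample (objectClass, objectSid, xidNumber); the SIDs and IDs below are made up.

```python
def parse_idmap(ldif_text):
    """Return {objectSid: xidNumber} from ldbsearch-style LDIF text."""
    mappings = {}
    for block in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip "# record N" comments and malformed lines
            key, value = line.split(": ", 1)
            attrs[key] = value.strip()
        # Only sidMap records carry a mapping; other records are ignored.
        if attrs.get("objectClass") == "sidMap" and {"objectSid", "xidNumber"} <= attrs.keys():
            mappings[attrs["objectSid"]] = int(attrs["xidNumber"])
    return mappings

def compare_idmaps(dc1, dc2):
    """Return (mismatched, reused).

    mismatched: SIDs present on both DCs with different IDs.
    reused: IDs present on both DCs but owned by different SIDs, i.e. files
            written via one DC would appear to belong to someone else on the other.
    """
    mismatched = {sid: (dc1[sid], dc2[sid])
                  for sid in dc1.keys() & dc2.keys() if dc1[sid] != dc2[sid]}
    by_xid1 = {xid: sid for sid, xid in dc1.items()}
    by_xid2 = {xid: sid for sid, xid in dc2.items()}
    reused = {xid: (by_xid1[xid], by_xid2[xid])
              for xid in by_xid1.keys() & by_xid2.keys() if by_xid1[xid] != by_xid2[xid]}
    return mismatched, reused

def sample_record(n, sid, xid):
    # Constructed sample record, laid out as assumed for an idmap.ldb dump.
    return (f"# record {n}\ndn: CN={sid}\ncn: {sid}\nobjectClass: sidMap\n"
            f"objectSid: {sid}\ntype: ID_TYPE_BOTH\nxidNumber: {xid}\n")

DOM = "S-1-5-21-1111-2222-3333"  # constructed domain SID
DC1_DUMP = "\n".join([sample_record(1, "S-1-5-32-544", 3000000),
                      sample_record(2, f"{DOM}-1104", 3000020),
                      sample_record(3, f"{DOM}-1105", 3000021)])
DC2_DUMP = "\n".join([sample_record(1, "S-1-5-32-544", 3000000),
                      sample_record(2, f"{DOM}-1104", 3000021),
                      sample_record(3, f"{DOM}-1106", 3000020)])

if __name__ == "__main__":
    mismatched, reused = compare_idmaps(parse_idmap(DC1_DUMP), parse_idmap(DC2_DUMP))
    for sid, (a, b) in sorted(mismatched.items()):
        print(f"{sid}: DC1={a} DC2={b}")
    for xid, (s1, s2) in sorted(reused.items()):
        print(f"ID {xid}: DC1 owner {s1}, DC2 owner {s2}")
```

Users and groups that carry a uidNumber or gidNumber attribute in AD are not affected by this drift, since that attribute is used instead of the xidNumber.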
 


