[Samba] Samba 4.6.7 AD, Netapp CDOT 9.2 and missing "Domain Users" membership

Rowland Penny rpenny at samba.org
Mon Oct 23 07:29:06 UTC 2017


On Mon, 23 Oct 2017 09:11:23 +0200
Giuseppe Ravasio <giuseppe_ravasio at ch.modiano.com> wrote:

> On 10/20/2017 05:48 PM, Rowland Penny via samba wrote:
> >> So I tried what is suggested in this thread:
> >> https://lists.samba.org/archive/samba/2016-April/thread.html#199609
> > 
> > I really should have said there that using '513' wasn't a good
> > idea ;-)
> 
> ok I'll revert to 100 ;-)
> 
> > The only way to get the same IDs everywhere is to use the winbind
> > 'ad' backend, you will need to give your users and groups RFC2307
> > attributes though. Windows (when using RSAT) starts the IDs at
> > '10000' and it is suggested to use that start number.
> 
> This means that even if I deployed the Domain with "--use-rfc2307" the
> RFC2307 attributes are not already populated?
> 

All that using '--use-rfc2307' does is allow the use of rfc2307
attributes such as 'uidNumber' and 'gidNumber'; it does not
populate any of the rfc2307 attributes.

DCs work slightly differently from Unix domain members: they use
'xidNumber' attributes in idmap.ldb, and these attributes are only used
on the DC and nowhere else. These 'xidNumber' attributes can be
overridden by using rfc2307 attributes.

Rowland
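
Added example, not part of the original post or of Samba: since '--use-rfc2307' does not populate 'uidNumber' or 'gidNumber', this Python audit reads LDIF-style search output and reports entries the winbind 'ad' backend could not map consistently. The idmap range 10000-999999, the function names and the sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict

ID_RANGE = (10000, 999999)  # assumed idmap range; the post suggests starting at 10000
# Constructed sample, shaped like simplified LDIF search output from the directory.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
objectClass: user
uidNumber: 10001

dn: CN=bob,CN=Users,DC=example,DC=com
objectClass: user

dn: CN=carol,CN=Users,DC=example,DC=com
objectClass: user
uidNumber: 10001

dn: CN=Domain Users,CN=Users,DC=example,DC=com
objectClass: group
gidNumber: 513
"""

def parse_ldif(text):
    """Parse simple LDIF (no wrapped lines, no base64 values) into dicts of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for key, sep, value in (line.partition(": ") for line in block.splitlines()):
            if sep:
                attrs[key].append(value)
        entries.append(attrs)
    return entries

def audit(entries, id_range=ID_RANGE):
    """Return (dn, problem) pairs: users need uidNumber, groups need gidNumber."""
    findings, seen = [], {}
    for e in entries:
        name = e["dn"][0]
        attr = "gidNumber" if "group" in e["objectClass"] else "uidNumber"
        if attr not in e:
            # The attribute was never populated, so there is no ID to hand out.
            findings.append((name, f"missing {attr}"))
            continue
        value = int(e[attr][0])
        if not id_range[0] <= value <= id_range[1]:
            findings.append((name, f"{attr} {value} outside idmap range"))
        owner = seen.setdefault((attr, value), name)  # first holder of this ID
        if owner != name:
            findings.append((name, f"{attr} {value} already used by {owner}"))
    return findings
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` flags bob (no uidNumber), carol (uidNumber shared with alice) and the Domain Users group (gidNumber below the assumed range).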


