[Samba] problem map uuid users and group

Шигапов Денис Вильданович denis.shigapov at stroylandiya.ru
Fri Jun 15 06:58:37 UTC 2018


For the groups and users it is necessary to configure UNIX Attributes
on the AD side and edit /etc/nsswitch.conf:

passwd:     files winbind
shadow:     files winbind
group:      files winbind


After that, edit the Samba config to:

SERVER DC:
[global]
          netbios name = SRV-DC02
          realm = EXAMPLE.RU
          workgroup = EXAMPLE
          server role = active directory domain controller
          log level = 2 auth_json_audit:3


SHARE:
[global]
    netbios name = SRV-SHARE
    workgroup = EXAMPLE
    realm = EXAMPLE.RU
    server string = %h rsync host
    security = ads


14.06.2018 20:28, Rowland Penny via samba wrote:
> On Thu, 14 Jun 2018 18:02:29 +0500
> Шигапов Денис Вильданович via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>> How to make the user id on the domain controller and the file server
>> the same
>>
>> SERVER DC:
>> [global]
>>           netbios name = SRV-DC02
>>           realm = EXAMPLE.RU
>>           workgroup = EXAMPLE
>>           server role = active directory domain controller
>>           log level = 2 auth_json_audit:3
>>           username map = /etc/samba/username_map
>>           vfs objects = acl_xattr
>>           store dos attributes = Yes
>>
>> [root at srv-dc02 ~]# id vas.lah at example.ru
>> uid=3000416(EXAMPLE\vas.lah) gid=100(users)
>> группы=100(users),3000416(EXAMPLE\vas.lah),3000051(EXAMPLE\domain
>> admins),3000054(EXAMPLE\группа с запрещением репликации паролей
>> rodc),3000055(EXAMPLE\администраторы wsus),3000056(EXAMPLE\wsus
>> administrators),3000035(EXAMPLE\1c_links_ут),3000001(BUILTIN\users),3000000(BUILTIN\administrators),3000057(BUILTIN\performance
>> log users),3000043(BUILTIN\performance monitor users)
>>
>>
>>
>> SHARE:
>> [global]
>>     netbios name = SRV-SHARE
>>     workgroup = EXAMPLE
>>     realm = EXAMPLE.RU
>>     server string = %h rsync host
>>     # server role = member server
>>     security = ads
>>
>> [root at srv-share samba]# id vas.lah at example.ru
>> uid=3188138(EXAMPLE.RU\vas.lah) gid=3000513(domain users)
>> группы=3000513(domain users),3188138(EXAMPLE.RU\vas.lah),3109633(wsus
>> administrators),3034556(1c_links_ут),3111123(администраторы
>> wsus),3100572(группа с запрещением репликации паролей
>> rodc),3100512(domain admins),3153446(администратор 4
>> категории),3000001(BUILTIN\users),3000000(BUILTIN\administrators)
> The first thing to do, remove these lines from the Samba AD DC:
>
>           username map = /etc/samba/username_map
>           vfs objects = acl_xattr
>           store dos attributes = Yes
>
> They have no place in a Samba AD DC smb.conf.
>
> There is only one way to have the same ID's everywhere on Unix and that
> is to use the winbind 'ad' backend. This entails giving your users &
> groups uidNumber & gidNumber attributes, then run 'net cache flush' on
> the DC, most ID's will change.
>
> You then need to set up the smb.conf correctly on the Unix domain
> member (yours is correct as far as it goes, it just doesn't go far
> enough).
>
> Can I suggest you read this:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Anything you don't understand, or have questions about, please ask.
>
> Rowland
>
>
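Added example, not part of the original thread: a small checker that parses the `id` output from two hosts and reports principals whose numeric IDs differ, which is the symptom shown in the question and the thing to re-check after moving to the winbind 'ad' backend. The sample strings are abridged from the `id` output quoted above (including the mail line wrapping); the function names `normalise`, `parse_id` and `mismatches` are hypothetical.

```python
import re

# One entry of `id` output, e.g. 3000416(EXAMPLE\vas.lah).
# Names may contain spaces and non-ASCII characters, so match up to ")".
ENTRY = re.compile(r"(\d+)\(([^)]*)\)")

def normalise(name):
    """Strip the domain prefix so EXAMPLE\\x, EXAMPLE.RU\\x and x compare equal.
    BUILTIN\\ is kept so BUILTIN\\users is not confused with local 'users'."""
    domain, _, short = name.rpartition("\\")
    if domain.upper() == "BUILTIN":
        return "builtin\\" + short.lower()
    return short.lower()

def parse_id(output):
    """Return {normalised principal name: numeric ID} for one `id` output."""
    text = " ".join(output.split())  # undo line wrapping inside names
    return {normalise(name): int(num) for num, name in ENTRY.findall(text)}

def mismatches(out_a, out_b):
    """Principals present on both hosts whose numeric IDs differ."""
    a, b = parse_id(out_a), parse_id(out_b)
    return {n: (a[n], b[n]) for n in sorted(a.keys() & b.keys()) if a[n] != b[n]}

# Sample input, abridged from the srv-dc02 and srv-share output in the post.
DC_ID = r"""uid=3000416(EXAMPLE\vas.lah) gid=100(users)
группы=100(users),3000416(EXAMPLE\vas.lah),3000051(EXAMPLE\domain
admins),3000056(EXAMPLE\wsus
administrators),3000001(BUILTIN\users),3000000(BUILTIN\administrators)"""

SHARE_ID = r"""uid=3188138(EXAMPLE.RU\vas.lah) gid=3000513(domain users)
группы=3000513(domain users),3188138(EXAMPLE.RU\vas.lah),3109633(wsus
administrators),3100512(domain admins),3000001(BUILTIN\users),3000000(BUILTIN\administrators)"""

if __name__ == "__main__":
    for name, (dc, member) in mismatches(DC_ID, SHARE_ID).items():
        print(f"{name}: DC={dc} member={member}")
```

Entries that exist on only one host (here the local `users` group on the DC and `domain users` on the member) are not reported, because there is nothing to compare them against.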



