[Samba] Replace AD DC FS with 2 new servers

Mark Amundsen amundsmark at mail.com
Mon Nov 26 14:27:28 UTC 2018


So I added a second DC with the rfc2307 option. It replicates and auth works. yay.

>> Does this also mean that the member server that will act as a file
>> server should have idmap config = ad?

> Only if you have manually added uidNumber & gidNumber attributes to AD

I believe the Microsoft admin tools have always been used to add users and groups.

Is 'idmap rid' a better choice than ad? Can I still copy files with rsync in that case or will file ownership be mangled?

>> The documentation is not clear to me, in the wiki for setting up a
>> domain controller it is recommended to use rfc2307 but in the wiki on
>> how to set that up it is recommended to _not_ use rfc2307 in a DC.

> No, I think you mean that you should provision with 'use-rfc2307' but it
> is not recommended to use a DC as a fileserver.

As I already added the new DC, this doesn't matter anymore. However:

'When provisioning a new AD, it is recommended to enable the NIS extensions by passing the --use-rfc2307 parameter ...'
from: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

'It is recommended not to use those mappings on the DCs'
from: https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD

Thanks for your input, much appreciated!

