[Samba] Replace AD DC FS with 2 new servers
Rowland Penny
rpenny at samba.org
Mon Nov 26 15:10:59 UTC 2018
On Mon, 26 Nov 2018 15:27:28 +0100
Mark Amundsen via samba <samba at lists.samba.org> wrote:
> Hi
>
> So I added a second DC with the rfc2307 option. It replicates and
> auth works. Yay.
> >> Does this also mean that the member server that will act as a file
> >> server should have idmap config = ad?
>
> > Only if you have manually added uidNumber & gidNumber attributes to
> > AD
>
> I believe the Microsoft admin tools have always been used to add users
> and groups.
Unless the 'UNIX Attributes' tab was also used, then they will not be
there.
>
> Is 'idmap rid' a better choice than ad? Can I still copy files with
> rsync in that case or will file ownership be mangled?
Quantify better?
One isn't really better than the other, they are both usable, but in
different ways and for different reasons.
It might help if you read this:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
>
>
> >>
> >> The documentation is not clear to me, in the wiki for setting up a
> >> domain controller it is recommended to use rfc2307 but in the wiki
> >> on how to set that up it is recommended to _not_ use rfc2307 in a
> >> DC.
>
> > No, I think you mean that you should provision with 'use-rfc2307'
> > but it is not recommended to use a DC as a fileserver.
>
> As I already added the new DC, this doesn't matter anymore. However:
>
> 'When provisioning a new AD, it is recommended to enable the NIS
> extensions by passing the --use-rfc2307 parameter ...' from:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>
> and
> 'It is recommended not to use those mappings on the DCs'
> from: https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
I have updated the last page, hopefully it is now more understandable.
Rowland
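
The check behind "Only if you have manually added uidNumber & gidNumber attributes to AD", as an added example that is not part of the original email: it reads an LDIF export of users and groups (for example from ldbsearch or ldapsearch) and lists the accounts the 'ad' idmap backend would have no ID for. The sample LDIF, DNs and ID numbers are constructed placeholders.

```python
# Added example; SAMPLE_LDIF is constructed, DNs and ID numbers are placeholders.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=samdom,DC=example,DC=com
objectClass: user
sAMAccountName: alice
uidNumber: 10001

dn: CN=bob,CN=Users,DC=samdom,DC=example,DC=com
objectClass: user
sAMAccountName: bob

dn: CN=Domain Users,CN=Users,DC=samdom,DC=example,DC=com
objectClass: group
sAMAccountName: Domain Users
gidNumber: 10000

dn: CN=staff,CN=Users,DC=samdom,DC=example,DC=com
objectClass: group
sAMAccountName: staff
"""
def parse_ldif(text):
    """Return a list of records, each a dict of lower-cased attribute -> [values]."""
    records, current, last = [], {}, None
    for line in text.splitlines() + [""]:       # trailing "" flushes the last record
        if line.startswith(" ") and last:        # folded continuation line
            current[last][-1] += line[1:]
        elif not line.strip():                   # blank line ends a record
            if current:
                records.append(current)
            current, last = {}, None
        elif ":" in line and not line.startswith("#"):
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    return records

def missing_rfc2307(records):
    """Return (users without uidNumber, groups without gidNumber); computers skipped."""
    users, groups = [], []
    for rec in records:
        classes = {c.lower() for c in rec.get("objectclass", [])}
        name = rec.get("samaccountname", rec.get("dn", ["?"]))[0]
        if "user" in classes and "computer" not in classes and "uidnumber" not in rec:
            users.append(name)
        elif "group" in classes and "gidnumber" not in rec:
            groups.append(name)
    return users, groups

if __name__ == "__main__":
    print(missing_rfc2307(parse_ldif(SAMPLE_LDIF)))
```

Two empty lists mean every user and group in the export carries the attribute the 'ad' backend reads.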