[Samba] Replace AD DC FS with 2 new servers

Rowland Penny rpenny at samba.org
Mon Nov 26 15:10:59 UTC 2018


On Mon, 26 Nov 2018 15:27:28 +0100
Mark Amundsen via samba <samba at lists.samba.org> wrote:

> Hi
> 
> So I added a second DC with the rfc2307 option. It replicates and I
> auth works. yay.

> >> Does this also mean that the member server that will act as a file
> >> server should have idmap config = ad?
> 
> > Only if you have manually added uidNumber & gidNumber attributes to
> > AD
> 
> I belive the microsoft admin tools have always been used to add users
> and groups

Unless the 'UNIX Attributes' tab was also used, then they will not be
there.

> 
> Is 'idmap rid' a better choice than ad? Can I still copy files with
> rsync in that case or will file ownership be mangled?

Quantify better ?
One isn't really better than the other, they are both usable, but in
different ways and reasons.
It might help if you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

> 
> 
> 
> >>
> >> The documentation is not clear to me, in the wiki for setting up a
> >> domain controller it is recommended to use rfc2307 but in the wiki
> >> on how to set that up it is recommended to _not_ use rfc2307 in a
> >> DC.
> 
> > No, I think you mean that you should provision with 'use-rfc2307'
> > but it is not recommended to use a DC as a fileserver.
> 
> As I already added the new DC, this doesn't matter anymore. However:
> 
> 'When provisioning a new AD, it is recommended to enable the NIS
> extensions by passing the --use-rfc2307 parameter ...' from:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> 
> and 
> 'It is recommended not to use those mappings on the DCs'
> from: https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD

I have updated the last page, hopefully it is now more understandable.

Rowland



More information about the samba mailing list