[Samba] id mapping on a dc+file server
rpenny at samba.org
Thu Aug 8 12:58:29 UTC 2019
On 08/08/2019 13:37, Pisch Tamás via samba wrote:
> I have a question again about my test environment. I have dc1, dc2,
> fileserver1, and dc3. dc3 is on another site, and is functioning as a
> fileserver too. As I read in the documentation, I cannot (shouldn't) use
> idmap config parameters in the smb.conf on my dc3. Unfortunately, first I
> copied those parameters too from fileserver1 (I use the rid backend on
> fileserver1). So, I removed the idmap config lines from the dc3 smb.conf.
> When I create a file from Windows on a dc3 share, the owner is ok
> (DOMAIN\user), but the group is users. From the dc3 command line, I can set
> user, and group ownership correctly.
> How can I correct the setup on dc3?
> bind interfaces only = Yes
> dns forwarder = 188.8.131.52
> dos charset = CP852
> interfaces = lo enp0s3
> logon path = ""
> name resolve order = lmhosts host bcast
> netbios name = DC3
> realm = A.B.HU
> server role = active directory domain controller
> template homedir = /home/%D/users/%U
> template shell = /bin/bash
> unix charset = UTF8
> username map = /etc/samba/user.map
> workgroup = A
> idmap_ldb:use rfc2307 = yes
> csc policy = disable
Nothing to do with your problem, but remove these lines from the smb.conf:
logon path = ""
username map = /etc/samba/user.map
The first is doing nothing and the second is probably interfering with
the user mapping in idmap.ldb.
It is probably a bit late to change now, but there is only one way to
get the same numeric ID everywhere and that is to use the 'ad' winbind
backend. The required uidNumber & gidNumber attributes will override the
xidNumber attributes used on a DC, e.g. if you give Domain Users the
gidNumber '10000', then all DCs will use '10000' for Domain Users and if
you use the 'ad' backend on the fileserver, Domain Users will have the