[Samba] id mapping on a dc+file server

Pisch Tamás pischta at gmail.com
Fri Aug 9 08:00:36 UTC 2019

Thanks for your answer. It is clearer now for me.

> >> It is probably a bit late to change now, but there is only one way to
> >> get the same numeric ID everywhere and that is to use the 'ad' winbind
> >> backend.

So, on the Linux clients?

> > This is why I removed the idmap config entries from the dc3 smb.conf.
> > "On a Samba Active Directory DC, Winbindd always reads the user IDs
> > (UID) and group IDs (GID) from the values set in the uidNumber and
> > gidNumber attributes set in the AD objects. For users and groups not
> > having a UID or GID assigned, an ID is generated locally on the DC and
> > stored in the /usr/local/samba/private/idmap.ldb file."
> > There is no uidNumber or gidNumber in my users' objects.
> > If you are correct, then the documentation is wrong/outdated.
> No there isn't anything really wrong with the documentation, you are
> just misunderstanding it, so it sounds like it needs making plainer.
> You cannot add the 'idmap config' lines to a smb.conf on a DC, the
> id-mapping is done via idmap.ldb, the users & groups are mapped to
> xidNumber attributes in there.

And is it hidden? I mean, 'samba-tool user show username' doesn't show
that attribute.

> If you give normal users & groups a uidNumber or gidNumber, these will
> be used instead of the xidNumbers on DCs, you will need to use the
> winbind 'ad' backend on Unix domain members to use the uidNumber &
> gidNumber attributes.

I use rid on fileserver. So, when I get the users' uid and gid on it,
and set them as uidNumber and gidNumber on dc3, and I use the net
cache flush on dc3, then should I see the same user and group id on
dc3 as on fileserver1, for example with getent passwd?
I tested it with an existing user. Now I see the uidNumber and
gidNumber (set by myself) with samba-tool user show user1, but
getent passwd A\\user1 shows the old user and group id.
