[Samba] id mapping on a dc+file server

[Rowland penny]

On 09/08/2019 18:13, Stefan G. Weichinger via samba wrote:
> Am 09.08.19 um 12:49 schrieb Rowland penny via samba:
>> On 09/08/2019 10:33, Pisch Tamás via samba wrote:
>>>> You have to give any users you require visible on Unix a uidNumber
>>>> attribute
>>> Ok, I can do it with samba-tool user edit...
> I think my rsnapshot-issue corresponds with this thread as well.
>
> wbinfo -i userXY shows different uids on the DC and the DM.
>
> Therefore the rsynced files belonging to uid-of-user-on-DM are shown as
> plain uid-number on the DC and can't be accessed correctly.
>
> Seems I need to add a uid as well.
>
> sorry if I hijacked here, just adding my current view ...
>
>
Ah, so you are backing up something from a DC to a Unix domain member, 
then you may have problems.

There are three main methods of setting IDs:

On a DC, by default, idmap.ldb is used, this stores the IDs in xidNumber 
attributes and the range starts at '3000000', these numbers are only 
used on a Samba AD DC.

For Unix domain members, there are the 'rid'  and 'ad' winbind backends, 
the 'rid' backend calculates the ID from the RID and the low DOMAIN 
range set in smb.conf, so if the low range is '10000' and the first RID 
is '1000' the first user ID will be '11000'

The 'ad' backend uses the uidNumber & gidNumber attibutes from AD, as 
long as they are inside the DOMAIN range set in smb.conf.

The only way to get the same  IDs everywhere on Unix is to use the 
uidNumber  & gidNumber attributes, they will override the xidNumbers on 
a DC, but you will have to use the 'ad' backend.

If you use the 'rid' backend, you can get the same IDs on Unix domain 
members, but only if you use the same 'idmap config' lines on all Unix 
domain members, however you will still have different IDs on the DC's.

A different way around this would be to backup to a directory and then 
tar the directory into a file.

Rowland