[Samba] id mapping on a dc+file server
Rowland penny
rpenny at samba.org
Fri Aug 9 17:57:26 UTC 2019
On 09/08/2019 18:13, Stefan G. Weichinger via samba wrote:
> Am 09.08.19 um 12:49 schrieb Rowland penny via samba:
>> On 09/08/2019 10:33, Pisch Tamás via samba wrote:
>>>> You have to give any users you require visible on Unix a uidNumber
>>>> attribute
>>> Ok, I can do it with samba-tool user edit...
> I think my rsnapshot-issue corresponds with this thread as well.
>
> wbinfo -i userXY shows different uids on the DC and the DM.
>
> Therefore the rsynced files belonging to uid-of-user-on-DM are shown as
> plain uid-number on the DC and can't be accessed correctly.
>
> Seems I need to add a uid as well.
>
> sorry if I hijacked here, just adding my current view ...
>
>
Ah, so you are backing up something from a DC to a Unix domain member,
then you may have problems.
There are three main methods of setting IDs:
On a DC, by default, idmap.ldb is used, this stores the IDs in xidNumber
attributes and the range starts at '3000000', these numbers are only
used on a Samba AD DC.
For Unix domain members, there are the 'rid' and 'ad' winbind backends,
the 'rid' backend calculates the ID from the RID and the low DOMAIN
range set in smb.conf, so if the low range is '10000' and the first RID
is '1000' the first user ID will be '11000'
The 'ad' backend uses the uidNumber & gidNumber attibutes from AD, as
long as they are inside the DOMAIN range set in smb.conf.
The only way to get the same IDs everywhere on Unix is to use the
uidNumber & gidNumber attributes, they will override the xidNumbers on
a DC, but you will have to use the 'ad' backend.
If you use the 'rid' backend, you can get the same IDs on Unix domain
members, but only if you use the same 'idmap config' lines on all Unix
domain members, however you will still have different IDs on the DC's.
A different way around this would be to backup to a directory and then
tar the directory into a file.
Rowland
More information about the samba
mailing list