[Samba] id mapping on a dc+file server
Stefan G. Weichinger
lists at xunil.at
Sat Aug 10 07:00:09 UTC 2019
Am 09.08.19 um 19:57 schrieb Rowland penny via samba:
> On 09/08/2019 18:13, Stefan G. Weichinger via samba wrote:
>> Am 09.08.19 um 12:49 schrieb Rowland penny via samba:
>>> On 09/08/2019 10:33, Pisch Tamás via samba wrote:
>>>>> You have to give any users you require visible on Unix a uidNumber
>>>>> attribute
>>>> Ok, I can do it with samba-tool user edit...
>> I think my rsnapshot-issue corresponds with this thread as well.
>>
>> wbinfo -i userXY shows different uids on the DC and the DM.
>>
>> Therefore the rsynced files belonging to uid-of-user-on-DM are shown as
>> plain uid-number on the DC and can't be accessed correctly.
>>
>> Seems I need to add a uid as well.
>>
>> sorry if I hijacked here, just adding my current view ...
>>
>>
> Ah, so you are backing up something from a DC to a Unix domain member,
> then you may have problems.
>
> There are three main methods of setting IDs:
>
> On a DC, by default, idmap.ldb is used, this stores the IDs in xidNumber
> attributes and the range starts at '3000000', these numbers are only
> used on a Samba AD DC.
>
> For Unix domain members, there are the 'rid' and 'ad' winbind backends,
> the 'rid' backend calculates the ID from the RID and the low DOMAIN
> range set in smb.conf, so if the low range is '10000' and the first RID
> is '1000' the first user ID will be '11000'
>
> The 'ad' backend uses the uidNumber & gidNumber attibutes from AD, as
> long as they are inside the DOMAIN range set in smb.conf.
>
> The only way to get the same IDs everywhere on Unix is to use the
> uidNumber & gidNumber attributes, they will override the xidNumbers on
> a DC, but you will have to use the 'ad' backend.
>
> If you use the 'rid' backend, you can get the same IDs on Unix domain
> members, but only if you use the same 'idmap config' lines on all Unix
> domain members, however you will still have different IDs on the DC's.
>
> A different way around this would be to backup to a directory and then
> tar the directory into a file.
Rowland thank you for explaining this (or trying to explain, I still
have to re-read and find it over-complicated).
I try another rsync-parameter now to map via user/group-names instead of
ids. For the use-case of backups/snapshots this might be enough.
More information about the samba
mailing list