[Samba] id mapping on a dc+file server

L.P.H. van Belle belle at bazuin.nl
Mon Aug 12 15:07:13 UTC 2019 

Hai Stefan, 

Why make DC2 a member?? 
Leave it as is, setup a new member, much better, and i'll bet less work/stress. 

If you current member is a virtual server, follow these setups. 
Pick a source server. 

Disable samba + winbind for starting up. 
Stop samba + winbind. 
Then down the member. 
!!! THIS ORDER !!! 

Copy the virtual.
Start the new virtual.  
Change smb.conf and correct the hostname/ipnumbers to the new name. 
^^^^^^^^^^^^^^^^^^^^^^^^^ 
DO THIS FIRST. 

If you forget that, then your source member will get errors. 
So dont forget that. ! 

https://wiki.debian.org/HowTo/ChangeHostname
^^ follow it and change the /ip/hostnames where needed. 

Cleanup /var/*(lib,cache)/samba 
Reboot 

And rejoin samba now as normal. 
! You can do this also with DC2 as base, but thats up to you to assess what is the best option for you. 

And dont forget to enable samba startup again on the vm's 


Greetz, 

Louis


 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefan G. Weichinger via samba
> Verzonden: zaterdag 10 augustus 2019 18:30
> Aan: samba
> Onderwerp: Re: [Samba] id mapping on a dc+file server
> 
> Current plan : add a third DC, make dc2 a dm file server. 
> Best solution
> imo.
> 
> Am 10. August 2019 10:47:39 MESZ schrieb Rowland penny via samba
> <samba at lists.samba.org>:
> 
>     On 10/08/2019 09:34, Stefan G. Weichinger via samba wrote:
> 
>         Am 10.08.19 um 09:49 schrieb Rowland penny via samba:
> 
>             On a DC, as standard, the numeric IDs are allocated on a
>             first come
>             basis from the '3000000' range.
> 
>             On Unix domain members it depends on two things, which
>             winbind backend
>             you use, linked with the Domain range set in AD, the
>             examples on the
>             Samba wiki use '10000-999999'
> 
>         What is the reason for these decisions? Why don't DCs and DMs
>         "behave"
>         the same?
> 
> 
>     I wasn't party to these decisions, but I think Samba at one point
>   planned to provision member servers (in fact the code is 
> still there,
>     but doesn't actually work), if this had worked, perhaps 
> we would all
> be     using numeric IDs in the '3000000' range.
> 
>     As I said, you can get DCs and Unix domain members to 
> work similarly
> by     using the 'ad' backend, but even here there are 
> problems, you can
> only     get the IDs from AD on a DC.
> 
>     Rowland
> 
> 
> 
> -- 
> Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail
> gesendet.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list