[Samba] id mapping on a dc+file server

Stefan G. Weichinger lists at xunil.at
Thu Aug 29 16:56:45 UTC 2019


On 29.08.19 18:24, Stefan G. Weichinger via samba wrote:
> Am 29.08.19 um 18:10 schrieb Rowland penny via samba:
> 
>>> after that this former DC should become a plain DM file server
>>>
>>> Should I rm /var/lib/samba before editing smb.conf and re-joining?
>>
>> Just remove the .tdb & .ldb files and any cache files, do not remove the
>> main directory structure (except for sysvol etc).
> 
> ok, will try in about 30mins
> thanks!
> 

ok so far, works basically.
But when I compare the group "domain users" on the 2 fileservers I see 
this issue:

# former fileserver

# wbinfo --group-info="domain users"
domain users:x:10513:

(correct to me)

# new DM

# wbinfo --group-info="domain users"
domain users:x:100:

("100" is wrong ...)

"same" smb.conf:

[global]
	security = ADS
	workgroup = ARBEITSGRUPPE
	realm = arbeitsgruppe.mydom.at
	netbios name = BACKUP
     log level = 2

# template
winbind nss info = template
template shell = /bin/bash
template homedir = /mnt/samba/Daten/%U
	
	idmap config * : backend = tdb
	idmap config * : range = 2000-3999

	idmap config ARBEITSGRUPPE:backend = rid
	idmap config ARBEITSGRUPPE:range = 10000-99999

	username map = /etc/samba/user.map

	kerberos method = secrets and keytab
         dedicated keytab file = /etc/krb5.keytab

	winbind use default domain = Yes
	winbind refresh tickets = Yes
	
	vfs objects = acl_xattr
	map acl inherit = yes
	store dos attributes = yes



More information about the samba mailing list