[Samba] id mapping on a dc+file server
Stefan G. Weichinger
lists at xunil.at
Thu Aug 29 16:56:45 UTC 2019
On 29.08.19 18:24, Stefan G. Weichinger via samba wrote:
> Am 29.08.19 um 18:10 schrieb Rowland penny via samba:
>
>>> after that this former DC should become a plain DM file server
>>>
>>> Should I rm /var/lib/samba before editing smb.conf and re-joining?
>>
>> Just remove the .tdb & .ldb files and any cache files, do not remove the
>> main directory structure (except for sysvol etc).
>
> ok, will try in about 30mins
> thanks!
>
ok so far, works basically.
But when I compare the group "domain users" on the 2 fileservers I see
this issue:
# former fileserver
# wbinfo --group-info="domain users"
domain users:x:10513:
(correct to me)
# new DM
# wbinfo --group-info="domain users"
domain users:x:100:
("100" is wrong ...)
"same" smb.conf:
[global]
security = ADS
workgroup = ARBEITSGRUPPE
realm = arbeitsgruppe.mydom.at
netbios name = BACKUP
log level = 2
# template
winbind nss info = template
template shell = /bin/bash
template homedir = /mnt/samba/Daten/%U
idmap config * : backend = tdb
idmap config * : range = 2000-3999
idmap config ARBEITSGRUPPE:backend = rid
idmap config ARBEITSGRUPPE:range = 10000-99999
username map = /etc/samba/user.map
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
winbind use default domain = Yes
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
More information about the samba
mailing list