[Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs

Rowland Penny rpenny at samba.org
Tue Mar 26 11:56:48 UTC 2019

On Tue, 26 Mar 2019 07:37:54 -0400
Jonathon Reinhart via samba <samba at lists.samba.org> wrote:

> I recently went through these steps from the wiki and took the
> following notes which I had not yet shared / suggested for the wiki.
> (This is from mobile, sorry for the terse message.)
> - You need to clear the idmap cache after copying idmap.ldb ("net
> cache clear") otherwise you could have stale entries hanging around.

I have added that.

> - You need to sync SysVol before running sysvol reset, because
> samba-tool falls on its face if that directory is empty.

This has also been added.

> - The initial permissions of the stuff in Sysvol didn't match what
> "sysvol reset" wanted. I'm not sure who initially created the stuff
> with bad permissions.

I have been saying this for years: the permissions set on a Samba AD DC
do not appear to match what a Windows DC uses.

