[Samba] moved DM config to new server : gids different etc

Rowland penny rpenny at samba.org
Wed Nov 27 10:02:00 UTC 2019

On 27/11/2019 09:52, Stefan G. Weichinger via samba wrote:
> Am 26.11.19 um 18:06 schrieb Stefan G. Weichinger via samba:
>> Am 26.11.19 um 17:19 schrieb L.P.H. van Belle:
>>> Hai Stefan,
>>> Remove the netbios alias and then put that as CNAME in the DNS
>>> Verify if the server its PTR is set also.
>>> And yeah, your totaly correct that your ACL is messed up..
>>> Because your using backend RID.
>>> The "advantage" of backend AD.
>>> Consistent IDs on all Samba clients and servers using the ad back end.
>>> Which is also the DISAVANTAGE of RID.
>>> IN-Consistent IDs on all Samba clients and servers with RID.
>>> Maybe im bit wrong here, with recent updates, .. Then Rowland will correct me.. ;-)
>>> But this is exactly why i ONLY use AD backends.
>>> I suggest, setup a folder, correct the rights, and use get-set facl to apply them again on the filesystem/folders/files.
>> Not now, not today.
>> That server will be replaced in the next days, and today is a stressful
>> and long day already.
>> Things *worked* fine with this smb.conf for quite some time, so even
>> when I understand the better approach you recommend, I won't do these
>> changes right now.
> OK; new server comes today, I get access to it in the next hours and
> will start installing Debian Buster and run my provisioning on it first.
> I now have the name of the domain and the IPs of the DCs etc ... so I
> could theoretically start from scratch more or less and *maybe* switch
> to backend AD here.
Do you use the AD DCs for anything other than authentication and GPOs ?

If you do, then the 'ad' backend is the way to go, if you don't, then 
stick to the 'rid' backend, it is a lot less work, you do not need to 
add anything to AD, the only real downside is that all users get the 
same home directory path and login shell on each Unix domain member.


More information about the samba mailing list