[Samba] Upgrade from 4.4.3 to 4.9.13, idmap question
Pablo Sanz Fernández
psanz at empre.es
Tue Oct 22 09:56:18 UTC 2019
We have samba 4.4.3, provisioned as AD controller, compiled with "./configure --with-shared-modules=idmap_ad" option.
The smb.conf has the following idmap configuration:
idmap_ldb:use rfc2307 = yes
idmap config EADOM:backend = ad
idmap config EADOM:schema_mode = rfc2307
idmap config EADOM:range = 500-149999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
If we update to 4.9.13 (direct upgrade) or any versión greater tan 4.5, we know that we must remove the idmap lines from smb.conf, and also execute the command "samba-tool dbcheck -cross-ncs -fix -yes".
But, does it have any implications with the user and computer accounts id mapping? A computer or user that was in AD before update and change the smb.conf removing the idmap section, will keep his attributes like objectSID untouched?
In summary, should we worry that some computer will leave the domain because the upgrade changes some of its account attributes in the AD?
More information about the samba