[Samba] Sync UID/GUI between two DCs
rpenny at samba.org
Thu Sep 19 07:13:16 UTC 2019
On 19/09/2019 00:19, Simeon Peter via samba wrote:
> At the moment there is a user "root" in the AD with the UID 0.
> Administrator has an other UID then 0 and I can not give the UID 0 to
> two users.
First thing, if there is a user called 'root' in AD, then delete it, the
user root should only be in /etc/passwd.
Next, if you open idmap.ldb, you will find an object like this:
This the object for Administrator and maps the user to the ID '0', which
is also the ID of the Unix user 'root'. This is how the Windows user
'Administrator' becomes the Unix user 'root'. If 'Administrator' has a
uidNumber attribute, remove it.
> So should I delete the user "root" in the Active Directory and give
> the UID 0 to the Administrator user?
Yes, delete 'root' from AD, remove any rfc2307 attributes from
'Administrator' and run 'net cache flush', this will reset
'Administrator' back to the ID '0'.
> Which default group should it belong to?
> There is the Group "BUILTIN\Administrators", which has a custom
> GIDnumber at the moment. Should it have an Unix GID also? Is there a
> Unix Group "root" with GID 0?
Not sure I understand the above, what is the difference between a
'custom GIDnumber' and a 'Unix GID' ?
If the 'custom GIDnumber' is a number in the '3000000' range, then this
is actually an xidNumber from idmap.ldb
'Administrators' and 'BUILTIN\Administrators' is the same group and it
shouldn't have a gidNumber attribute, also there is a Unix group 'root'
in /etc/group and like the Unix user 'root', it shouldn't be in AD.
More information about the samba