[Samba] Need help with roaming profiles

Anders Östling anders.ostling at gmail.com
Tue Jun 30 09:34:36 UTC 2020

On Tue, Jun 30, 2020 at 11:24 AM Rowland penny via samba
<samba at lists.samba.org> wrote:
> On 30/06/2020 09:50, Anders Östling wrote:
> >> You have 'workgroup = HPLTS' and 'idmap config dg11', again, they must match
> > As I wrote in the previous reply, that was a mistake from the initial
> > deployment. However, I have a copy of the VM and when I corrected DG11
> > to HLPTS and restarted the services, this happens:
> >
> > getent group "Oldgroup" returns a value in the 10000 range (as
> > specified in the idmap config * statement).
> If 'oldgroup' isn't in the 'HLPTS' domain, this is to be expected.
> > I now created a new group in the domain, and expected to get a value
> > in the range 30000 (as specified in the idmap config HPTLS statement).
> You should.
> > Again, I probably don't understand the different backends (tdb vs rid)
> > functions enough.
> The default domain '*' uses tdb and is an allocating db, the 'rid'
> backend for your HPTLS domain uses the AD objects RID to calculate the
> Unix ID.
> >   The new group was given a id of 10032, so it seems
> > as if the * statement still is the used range. Is this expected
> > behaviour?
> No, it isn't, if the group exists in AD and the AD domain name is
> 'HPTLS' , from what you have posted, I would expect the Unix ID to start
> with a '3'. Have you run 'net cache flush' ?

I did this on the test system but can't see any difference. Both the
old and newly created groups have id's in the 10000 range.

I remove the server from the domain
Delete the tlb and ldb databases
Correct the idmap statements as recommended
Rejoin the domain

I assume that all accounts and groups will get new id's in the
30000-range. Do I need to re-apply all folder and file permissions
from the Windows server to get them correctly mapped?

Thank you for your patience!


> >   In the meantime, I will try to read up on the backend's and
> > get a better understanding.
> tdb is only used for the '*' domain, ID's start from the lower number
> you set in smb.conf
> rid is used for the DOMAIN domain (HPTLS in your case), ID's are
> calculated by adding the objects rid to the lower number you set in
> smb.conf. For instance Domain Users ID will be 30000 + 513 = 30513
> Rowland

This signature contains 100% recyclable electrons as prescribed by Mother Nature

Anders Östling
+46 768 716 165 (Mobil)
+46 431 45 56 01  (Hem)
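
Added example, not part of the original message or of Samba's own code: a small checker for the mismatch discussed in the thread, showing which idmap block ends up serving the joined domain and what Unix ID the rid backend would give a known RID. The upper range bounds and all function names are assumptions made for the illustration; the fallback to the '*' block follows the explanation given in the thread.

```python
import re

# Constructed smb.conf fragment: the workgroup/idmap mismatch comes from the
# thread; the upper range bounds are assumed for illustration.
SAMPLE_CONF = """
[global]
    workgroup = HPLTS
    idmap config * : backend = tdb
    idmap config * : range = 10000-19999
    idmap config DG11 : backend = rid
    idmap config DG11 : range = 30000-39999
"""

IDMAP_RE = re.compile(r"idmap config\s+(\S+)\s*:\s*(\S+)$", re.I)

def parse_global(conf_text):
    """Return (workgroup, {domain: {option: value}}) from the [global] section."""
    workgroup, idmap, section = None, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            m = IDMAP_RE.match(key)
            if m:
                idmap.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = value
            elif key.lower() == "workgroup":
                workgroup = value.upper()
    return workgroup, idmap

def effective_mapping(conf_text):
    """Which idmap block serves the joined domain, and with which range."""
    workgroup, idmap = parse_global(conf_text)
    domain = workgroup if workgroup in idmap else "*"  # no match: default domain
    cfg = idmap[domain]
    low, high = (int(n) for n in cfg["range"].split("-"))
    return {"workgroup": workgroup, "served_by": domain,
            "backend": cfg["backend"], "low": low, "high": high}

def expected_rid_id(mapping, rid):
    """rid backend as described in the thread: Unix ID = range low + RID."""
    if mapping["backend"] != "rid":
        return None  # tdb allocates IDs in order, so there is nothing to predict
    unix_id = mapping["low"] + rid
    if unix_id > mapping["high"]:
        raise ValueError(f"RID {rid} does not fit in the configured range")
    return unix_id
```

Calling `effective_mapping()` on the fragment as written reports the domain as served by the '*' tdb block; with `DG11` replaced by `HPLTS`, `expected_rid_id(mapping, 513)` gives the 30513 quoted above for Domain Users.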
