[Samba] Sysvol permission issue - how to repair permanently?
Stefan Bellon
bellon at axivion.com
Sun Apr 4 20:12:32 UTC 2021
On Sun, 04 Apr, Rowland penny via samba wrote:
> I wish I had a time machine, I could go back in time and tell you
> that using mapped ID's in this way was a bad idea.
As soon as you have "apt install real-life-timemachine" ready, I'll
volunteer for a beta test. ;-)
> Using nslcd at that time wasn't a bad idea, though unnecessary. You
> could easily change to Unix domain members, except for the ill
> advised group ID's and you could probably work around them.
Yes, it looks like if we did it "the proper way" back in time, we would
not be in this mess right now.
> Do you have this line in the Samba DC's smb.conf : idmap_ldb:use
> rfc2307 = yes
>
> If you do, comment it out (using a ';' or '#') and see if that helps,
> it will make the DC's only use idmap.ldb and ignore any uidNumber &
> gidNumber attributes in AD.
Oh, wow, you are referring to
https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD#RFC2307_on_AD_Domain_Controllers
correct?
Wow, I could have sworn that I read somewhere to put
idmap_ldb:use rfc2307 = yes
into /etc/samba/smb.conf, but (of course) you are right, the wiki
mentions that it is not important for DCs and even more so, that it's
less error prone without.
So, basically, "idmap_ldb:use rfc2307 = yes" puts special
uidNumber/gidNumber handling with higher priority into the mapping and
without that setting, just the idmap.ldb is being used? Removing that
setting will not have any writing effect on the databases?
Then I'll try it tomorrow or the day after. Thanks a lot so far!
Greetings,
Stefan
--
Stefan Bellon
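
The check suggested in the quoted advice above, as an added example that is not part of the original message or of Samba's own tooling: a shell function that reports whether `idmap_ldb:use rfc2307` is set by an uncommented line in the `[global]` section of an smb.conf, only present behind `;` or `#`, or absent. The function name, the case-insensitive key matching and the constructed sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: state of "idmap_ldb:use rfc2307" in the [global] section.
# Prints "active=<value>", "commented" or "absent".
rfc2307_state() {
    awk '
        # Section header: remember its name, lower-cased, without brackets.
        /^[ \t]*\[/ { s = tolower($0); gsub(/[][ \t]/, "", s); section = s; next }
        section != "global" { next }
        {
            line = $0
            commented = (line ~ /^[ \t]*[;#]/)    # ";" or "#" disables the line
            sub(/^[ \t;#]+/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            # Normalise the key (assumption: matched case-insensitively).
            key = tolower(substr(line, 1, eq - 1))
            gsub(/[ \t]+/, " ", key); sub(/^ /, "", key); sub(/ $/, "", key)
            if (key != "idmap_ldb:use rfc2307") next
            val = substr(line, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (commented) seen_commented = 1
            else { has_active = 1; active = val }  # last active line wins
        }
        END {
            if (has_active) print "active=" active
            else if (seen_commented) print "commented"
            else print "absent"
        }
    ' "$1"
}

# Constructed sample smb.conf (not taken from the thread).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
[global]
    workgroup = EXAMPLE
    # idmap_ldb:use rfc2307 = yes
[sysvol]
    path = /var/lib/samba/sysvol
EOF
    rfc2307_state "$tmp"
    rm -f "$tmp"
}
demo
```

On a DC, call `rfc2307_state` with the path of the live configuration, for example the `/etc/samba/smb.conf` mentioned in the message.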