[Samba] UIDs/GIDs for built-in accounts in an AD-DC domain

Michael Tokarev mjt at tls.msk.ru
Wed Nov 16 11:05:59 UTC 2022


Hi!

I've another interesting tidbit here.  Two domain controllers with
replication between them, all is good.  smb.conf is the default
created by samba-tool domain join.  The problem is that the UIDs/GIDs
assigned to built-in accounts (Administrators, Users, etc.) are different
on the two.

For example, BUILTIN\Administrators is 3000000 on the "second" DC,
while it is 3000001 on the first.  And 3000001 is Users on the second.

As a result, when I rsync sysvol including all the file attributes,
it becomes wrong in the destination, and samba-tool ntacl sysvolcheck
reports a lot of errors.  sysvolreset fixes these, but obviously the
next rsync run makes them wrong again.

The IDs should be somehow synchronized between the two machines (or
actually several).  What's the way to do this?

And where are these IDs stored to begin with?

Thanks,

/mjt


