[Samba] convert from synology

Peter Carlson peter at howudodat.com
Fri Oct 7 18:19:06 UTC 2022

Thank you for your explanations.  They are thorough!  I have to admit, 
I'm paddling as fast as I can :)

I can't find rfc2307 in any of the configs on the Synology, so I am 
assuming it is not set.  I did not set it on the new DC.

Since I only have 3 GPOs, my current plan is: roll back my snapshot to 
pre-sysvol sync (I snapshotted this VM after each major configuration 
step), transfer FSMO roles and re-create the GPOs. If that doesn't work, 
roll back to pre-domain join and rejoin as a DC and transfer the role.   
I'm hoping this will work.

For cockpit, I'll investigate further later.  The Ubuntu repo has an 
expired GPG key but also appears to be at 20.04.  Making from source 
built the module, but ended in a big 404 graphic when I tried to load it 
inside of the dashboard.  I'll be able to look at that a bit this 
evening, as I need to replace a garage door spring right after lunch.


On 10/7/22 10:16, Rowland Penny via samba wrote:
> On 07/10/2022 17:33, Peter Carlson via samba wrote:
>> I agree with the mangling assessment.
>> 1. I will ask about the xid, for information only
>> 2. I like Synology's UI. If I could strip that out and put it on some 
>> flavor of Linux, I would. There was a decent cockpit UI samba plugin, 
>> but it's not working at the moment, and Zentyal won't join the domain 
>> and they aren't responsive to bugs.  Maybe since I'm quasi retired 
>> now, I'll start my own UI project.
>> 3. Are these ids only used for sysvol?  We only have 3 gpos and no 
>> roaming, so I could just recreate those by hand.
> 'xidNumber' attributes are only used on a Samba DC and are stored in 
> idmap.ldb
> If 'idmap_ldb:use rfc2307  = yes' is set in a DC's smb.conf, the 
> 'xidNumber' attributes can and will be overridden by any 'uidNumber' & 
> 'gidNumber' attributes set in AD. There is a problem with this, the 
> 'xidNumber' attributes are a bit special, they can be set as 
> 'ID_TYPE_UID', 'ID_TYPE_GID' or 'ID_TYPE_BOTH', the last one is the 
> special one as it makes a group be a user as well as a group. Why does 
> a group have to be a user? Well, Windows has the concept of groups 
> owning things (something that Linux doesn't) and at least one group 
> (Domain Admins) needs to own things in Sysvol, if you give the Well 
> Known SID groups a gidNumber attribute, they just become groups to 
> Linux and cannot own anything.
> The cockpit Samba DC module was produced as a Google Summer of Code 
> under the Samba banner, any idea why it no longer works?
> Rowland
