[Samba] DCs demote / change IP / re-join mistakes
Rowland Penny
rpenny at samba.org
Sat Oct 29 15:45:53 UTC 2022
On 29/10/2022 15:47, Luis Peromarta via samba wrote:
> But the missing line *is* there on the smb.conf files in all DCs.
OK, but are there any uidNumber & gidNumber attributes in AD?
If there are, then, provided the winbind links are set up and
/etc/nsswitch.conf is set to use them, they should be used. If they
are not being used, then this needs to be investigated.
The uidNumber & gidNumber attributes will be in sam.ldb, the xidNumber
attributes in idmap.ldb are totally different.
>
> Should I then sync idmap.ldb across all DCs, and if yes, which file, DC1, DC2 or the untouched DC3?
It shouldn't matter which DC you use, but from an ease of use
perspective, I would use the DC with the PDC_Emulator FSMO role.
>
> Shall I transfer FSMO role to the DC that will provide the idmap.ldb file before backing up the file?
Why? Unless you have been fiddling with idmap.ldb, deleting or adding
things to it, they should all be usable.
>
> Nothing has been added to the AD since the rejoining process started a week ago.
How about before?
>
> Also, I have plenty of backups from all DCs before the rejoining.
What sort of backups? Unless they are 'domain' backups (created by
samba-tool), I wouldn't rely on them. You do not back up individual DCs,
you back up the entire domain.
Rowland
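
Added example, not part of the original message and not Samba's own tooling: a Python check that compares the SID to xidNumber mappings from the idmap.ldb of two DCs, to see whether they have diverged before deciding which copy to sync. The dump layout (LDIF text as printed by `ldbsearch -H idmap.ldb`), the SIDs and the ID values are constructed assumptions.

```python
import re

# Constructed sample dumps (not real data), in the LDIF layout that
# `ldbsearch -H idmap.ldb` is assumed to print.
DC1_DUMP = """\
dn: CN=CONFIG
cn: CONFIG
xidNumber: 3000021

dn: CN=S-1-5-32-544
cn: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

dn: CN=S-1-5-21-1111111111-2222222222-3333333333-1104
cn: S-1-5-21-1111111111-2222222222-3333333333-1104
type: ID_TYPE_BOTH
xidNumber: 3000020
"""
# DC2 maps the same SID to a different ID and has one extra mapping.
DC2_DUMP = DC1_DUMP.replace("3000020", "3000017") + """
dn: CN=S-1-5-21-1111111111-2222222222-3333333333-1105
cn: S-1-5-21-1111111111-2222222222-3333333333-1105
type: ID_TYPE_BOTH
xidNumber: 3000020
"""

def parse_idmap(ldif_text):
    """Return {SID: (type, xidNumber)}; non-SID records (CONFIG) are skipped."""
    mappings = {}
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # ldbsearch comment lines and malformed lines
            key, value = line.split(": ", 1)
            rec[key.strip()] = value.strip()
        sid = rec.get("cn", "")
        if sid.startswith("S-") and "xidNumber" in rec:
            mappings[sid] = (rec.get("type", "?"), int(rec["xidNumber"]))
    return mappings

def diff_idmaps(a, b):
    """Return (SIDs mapped differently, SIDs only in a, SIDs only in b)."""
    mismatched = {s: (a[s], b[s]) for s in a.keys() & b.keys() if a[s] != b[s]}
    return mismatched, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())

if __name__ == "__main__":
    print(diff_idmaps(parse_idmap(DC1_DUMP), parse_idmap(DC2_DUMP)))
```

An empty result for all three values means the two DCs already agree on every mapping.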