[Samba] Sync samba machine account between different samba versions - 4.1 to 4.15

Rowland Penny rpenny at samba.org
Fri May 17 16:10:03 UTC 2024


On Fri, 17 May 2024 12:36:33 -0300
Gilberto Ferreira via samba <samba at lists.samba.org> wrote:

> Hi there.
> I have two samba servers, let's say srv01 and srv02. For that matter,
> both are Zentyal Server 4 and 8, respectively.
> In the srv01 there is samba version 4.1, which is in the network
> 182.168.200.0/24, and which is by the way also the gateway to both
> networks. In the srv02 there is samba version 4.15, which is in the
> DMZ network 10.10.100.0/24
> The first is an additional controller for the second.
> Everything is working fine, except for machine sync.
> Let me explain:
> - Between these two samba servers, I have a Windows 2022 server. I
> was able to put Windows 2022 in the samba domain without any
> problems, which was a bit of a surprise to me, since I always used to
> install SMB1v and SMB2v, first and then add the Windows server into
> the samba domain.
> - I can log in to the Windows 2022 server using the domain account
> created in the server with samba 4.15
> - In fact users created in both samba servers appear on both servers.
> - With pdbedit --list I can see the following:
> srv01:
> pdbedit --list
> ...
> ...
> SRV01$:4294967295:SRV01$
> SRV02$:4294967295:
> WINSRV01$:4294967295:
> srv02:
> pdbedit --list
> ...
> ...
> SRV01$:3000020:SRV01$
> SRV02$:3000022:
> 
> As you can see, the windows 2022 server was added in the srv01, which
> has samba 4.1.17 and does not appear in srv02, which has samba
> 4.15.13. Based on that, I wonder if this is something to do with
> these different versions, before I seek some help with the Zentyal
> guys. And I wonder if there is any way to force a sync between the
> two samba servers, in regard to the samba machine accounts.
> 
> Thanks in advance.
> 
> ---
> Gilbert

I think you may have to ask zentyal about this, whilst '3000020' is in
the expected format (Samba DCs use IDs in the 3000000 range unless
you add uidNumber & gidNumber attributes), '429467295' isn't. It is
expected that different DCs will have different IDs for users, groups
and computers, they are issued on each DC on a 'first-come' basis, for
this reason you have to sync idmap.ldb between DCs.

I feel I should point out that I wouldn't even put an RODC in a DMZ, but
hey, it is your domain.

Rowland
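An added example, not part of the thread, that checks `pdbedit --list` output from two DCs for the symptoms discussed above: machine accounts with no mapped ID, accounts listed on one DC only, and accounts whose IDs differ between DCs. The two listings are constructed from the ones quoted in the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check `pdbedit --list`
# output from two DCs. A Samba DC allocates IDs in the 3000000 range;
# 4294967295 is (uint32)-1, which pdbedit prints when no ID could be
# mapped for the account, i.e. idmap.ldb has no entry for it.
# The listings below are constructed from the two shown in the thread;
# on a real DC feed the functions `pdbedit --list` output instead.

SRV01_LIST='SRV01$:4294967295:SRV01$
SRV02$:4294967295:
WINSRV01$:4294967295:'

SRV02_LIST='SRV01$:3000020:SRV01$
SRV02$:3000022:'

# Machine accounts (names ending in $) whose ID is the unmapped sentinel.
unmapped_machines() {
    printf '%s\n' "$1" | awk -F: '$1 ~ /\$$/ && $2 == "4294967295" { print $1 }'
}

# Machine accounts listed on the first DC but absent from the second.
missing_machines() {
    printf '%s\n' "$1" | awk -F: '$1 ~ /\$$/ { print $1 }' | while read -r acct; do
        if ! printf '%s\n' "$2" | awk -F: -v a="$acct" '$1 == a { found = 1 } END { exit !found }'; then
            printf '%s\n' "$acct"
        fi
    done
}

# Accounts present on both DCs but with different IDs: the 'first-come'
# allocation described above, which is why idmap.ldb has to be synced.
# Output: account, ID on first DC, ID on second DC.
xid_mismatches() {
    printf '%s\n' "$1" | awk -F: '$1 ~ /\$$/ { print $1 ":" $2 }' | while IFS=: read -r acct xid; do
        other=$(printf '%s\n' "$2" | awk -F: -v a="$acct" '$1 == a { print $2 }')
        if [ -n "$other" ] && [ "$other" != "$xid" ]; then
            printf '%s %s %s\n' "$acct" "$xid" "$other"
        fi
    done
}
```

Run on the constructed listings, `missing_machines` reports WINSRV01$ and `xid_mismatches` shows both DCs' accounts carrying the sentinel on srv01 but real IDs on srv02.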


