[Samba] Sync samba machine account between different samba versions - 4.1 to 4.15

Gilberto Ferreira gilberto.nunes32 at gmail.com
Fri May 17 16:17:34 UTC 2024


>> I think you may have to ask zentyal about this
Yeah! You are probably right about that. I just ask for the sake of
somebody to come up with some command to do the job.

>> I feel I should point out that I wouldn't even put an RODC in a DMZ, but
>> hey, it is your domain.
Yeah! Just playing around with this.
No production env or domain.

Thanks anyway


---


Gilbert



On Fri, May 17, 2024 at 13:11, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Fri, 17 May 2024 12:36:33 -0300
> Gilberto Ferreira via samba <samba at lists.samba.org> wrote:
>
> > Hi there.
> > I have two samba servers, let's say srv01 and srv02. For that matter,
> > both are Zentyal Server 4 and 8, respectively.
> > In the srv01 there is samba version 4.1, which is in the network
> > 182.168.200.0/24, and which is by the way also the gateway to both
> > networks. In the srv02 there is samba version 4.15, which is in the
> > DMZ network 10.10.100.0/24
> > The first is an additional controller for the second.
> > Everything is working fine, except for machine sync.
> > Let me explain:
> > - Between these two samba servers, I have a Windows 2022 server. I
> > was able to put Windows 2022 in the samba domain without any
> > problems, which was a bit of surprise to me, since I always used to
> > install SMB1v and SMB2v, first and then add the Windows server into
> > the samba domain.
> > - I can log in to the Windows 2022 server using the domain account
> > created in the server with samba 4.15
> > - In fact users created in both samba servers appear on both servers.
> > - With pdbedit --list I can see the following:
> > srv01:
> > pdbedit --list
> > ...
> > ...
> > SRV01$:4294967295:SRV01$
> > SRV02$:4294967295:
> > WINSRV01$:4294967295:
> > srv02:
> > pdbedit --list
> > ...
> > ...
> > SRV01$:3000020:SRV01$
> > SRV02$:3000022:
> >
> > As you can see, the Windows 2022 server was added in the srv01, which
> > has samba 4.1.17 and does not appear in srv02, which has samba
> > 4.15.13. Based on that, I wonder if this is something to do with
> > these different versions, before I seek some help with the Zentyal
> > guys. And I wonder if there is any way to force a sync between the
> > two samba servers, in regard to the samba machines account.
> >
> > Thanks in advance.
> >
> > ---
> > Gilbert
>
> I think you may have to ask zentyal about this, whilst '3000020' is in
> the expected format (Samba DCs use IDs in the 3000000 range unless
> you add uidNumber & gidNumber attributes), '429467295' isn't. It is
> expected that different DCs will have different IDs for users, groups
> and computers, they are issued on each DC on a 'first-come-basis', for
> this reason you have to sync idmap.ldb between DCs.
>
> I feel I should point out that I wouldn't even put an RODC in a DMZ, but
> hey, it is your domain.
>
> Rowland
>
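
Added example, not part of either poster's message: a small Python check that compares the `pdbedit --list` output of two DCs, reporting machine accounts present on only one of them and accounts whose ID column holds 4294967295. The sample listings are constructed from the lines quoted in the thread; the helper names and the reading of 4294967295 as "no ID resolved" are assumptions of this example.

```python
# Constructed sample input, modelled on the `pdbedit --list` lines quoted in the thread.
SRV01_LIST = """...
SRV01$:4294967295:SRV01$
SRV02$:4294967295:
WINSRV01$:4294967295:
"""
SRV02_LIST = """...
SRV01$:3000020:SRV01$
SRV02$:3000022:
"""

# 4294967295 == 2**32 - 1, the unsigned 32-bit form of -1. Treating it as
# "no Unix ID was resolved for this account" is an assumption of this example.
UNRESOLVED = 0xFFFFFFFF


def parse_pdbedit(text):
    """Return {account: unix_id} from 'name:id:fullname' lines."""
    accounts = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) < 2 or not parts[1].isdigit():
            continue  # skip blanks, '...' and anything not in name:id form
        accounts[parts[0]] = int(parts[1])
    return accounts


def audit(first, second):
    """Compare the listings of two DCs (hypothetical helper)."""
    a, b = parse_pdbedit(first), parse_pdbedit(second)
    machines_a = {n for n in a if n.endswith("$")}
    machines_b = {n for n in b if n.endswith("$")}
    return {
        # machine accounts known to one DC only, i.e. not replicated to the other
        "only_first": sorted(machines_a - machines_b),
        "only_second": sorted(machines_b - machines_a),
        # accounts whose ID column holds the 2**32 - 1 value
        "unresolved_first": sorted(n for n, i in a.items() if i == UNRESOLVED),
        "unresolved_second": sorted(n for n, i in b.items() if i == UNRESOLVED),
        # resolved on both sides but different: expected unless idmap.ldb is synced
        "differing_ids": sorted(
            n for n in a.keys() & b.keys()
            if a[n] != b[n] and UNRESOLVED not in (a[n], b[n])
        ),
    }


if __name__ == "__main__":
    for key, names in audit(SRV01_LIST, SRV02_LIST).items():
        print(f"{key}: {names}")
```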

