[Samba] Second though about removing use-rfc2307
Francesco Malvezzi
francesco.malvezzi at unimore.it
Wed Feb 19 17:37:33 UTC 2025
> It all depends on what you mean by 'users profile', if they are Windows
> roaming profiles, then no, the issue is that the profile will belong
> to the original users SID and the 'new' user will have a different SID.
>
> A bit more information about your set up may help in diagnosing the
> problem.
>
> Rowland
Yes, good idea. Thank you for your help and sorry for the sloppiness.
There is a master repository of users' data (a db) that feeds an OpenLDAP
directory. A user entry has a few posixAccount attributes and among these a
uidNumber, fixed, because it is stored in the db.
With the help of lsc [1] the directory data get propagated to the AD.
The uidNumber is copied verbatim.
(on one of the AD DCs)
$ sudo ./bin/ldbsearch -H private/sam.ldb 'cn=malvezzi'
dn: CN=malvezzi,OU=people,DC=example,DC=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: malvezzi
sn: MALVEZZI
ou: people
description: Francesco MALVEZZI
instanceType: 4
whenCreated: 20230913091659.0Z
displayName: Francesco MALVEZZI
uSNCreated: 1145524
name: malvezzi
objectGUID: 251a2e13-[....]-65a6ba7fd0eb
userAccountControl: 512
codePage: 0
countryCode: 0
scriptPath: malvezzi.bat
primaryGroupID: 513
objectSid: S-1-5-21-[...]-8181
accountExpires: 0
sAMAccountName: malvezzi
sAMAccountType: 805306368
userPrincipalName: malvezzi at example.org
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=org
uidNumber: 41312
gidNumber: 41312
unixHomeDirectory: /homel/malvezzi
loginShell: /bin/mosh
mail: francesco.malvezzi at example.org
[...]
(on one of the AD DCs)
$ sudo ./bin/wbinfo -i malvezzi
EXAMPLEAD\malvezzi:*:3002881:100::/homel/malvezzi:/bin/mosh
The AD DC used to have the
idmap_ldb:use rfc2307 = yes
in the smb.conf, but I removed it.
In these days a couple of users were deleted by mistake on OpenLDAP, so
the deletion propagated to AD.
Upon the users' re-import, they weren't able to access the local profile on
their laptop (no roaming profiles involved). I thought it was because of
the re-allocation of their idmap number (but after your explanation I am
less and less sure about it),
thank you,
Francesco
[1] lsc-project.org
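An added check (example code, not from the thread or from the Samba project) that parses the two outputs quoted above and reports where winbind's allocated ids have diverged from the RFC2307 attributes stored in AD; the sample data is constructed from the values in the post, with the elided objectSid left out.

```python
"""Check whether winbind's ids still follow the RFC2307 attributes stored in AD.

Added example, not code from the thread or from Samba. It parses an ldbsearch
LDIF entry and a `wbinfo -i` passwd-style line (both constructed below from the
values quoted in the post) and lists each field where winbind has diverged,
which is what happens once `idmap_ldb:use rfc2307` is unset and winbind
allocates from its own xidNumber pool instead of reading uidNumber/gidNumber.
"""

# Constructed sample mirroring the post's ldbsearch output (objectSid omitted).
LDB_OUTPUT = """\
dn: CN=malvezzi,OU=people,DC=example,DC=org
sAMAccountName: malvezzi
uidNumber: 41312
gidNumber: 41312
unixHomeDirectory: /homel/malvezzi
loginShell: /bin/mosh
"""
# Constructed sample mirroring the post's `wbinfo -i malvezzi` output.
WBINFO_LINE = "EXAMPLEAD\\malvezzi:*:3002881:100::/homel/malvezzi:/bin/mosh"

def parse_ldif(text):
    """Return attribute -> value for a single-entry LDIF result."""
    entry = {}
    for line in text.splitlines():
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
    return entry

def parse_wbinfo(line):
    """Split a passwd-style `wbinfo -i` line into named fields."""
    name, _pw, uid, gid, _gecos, home, shell = line.split(":")
    return {"name": name.split("\\")[-1], "uid": int(uid), "gid": int(gid),
            "home": home, "shell": shell}

def check_idmap(ldif_text, wbinfo_line):
    """Return a list of mismatches; an empty list means no idmap drift."""
    ad = parse_ldif(ldif_text)
    wb = parse_wbinfo(wbinfo_line)
    expected = {"uid": ("uidNumber", int), "gid": ("gidNumber", int),
                "home": ("unixHomeDirectory", str), "shell": ("loginShell", str)}
    problems = []
    for field, (attr, cast) in expected.items():
        if attr in ad and cast(ad[attr]) != wb[field]:
            problems.append(f"{field}: AD {attr}={ad[attr]} winbind={wb[field]}")
    return problems
```

Run it against live `ldbsearch` and `wbinfo -i` output for each re-imported account; any uid or gid line it prints is a user whose Unix id on the DC no longer matches the value the db assigned.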