smb.conf on PDC:
root@debian-samba4:/usr/local/samba/etc# cat smb.conf
# Global parameters
[global]
workgroup = TEST
realm = TEST.LOCAL
netbios name = DEBIAN-SAMBA4
server role = active directory domain controller
dns forwarder = 192.168.1.102
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/test.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[profiles]
path = /usr/local/samba/var/profiles
read only = No
root@debian-samba4:/usr/local/samba/etc#
smb.conf on BDC:
root@bdc-samba:/usr/local/samba/etc# cat ./smb.conf
# Global parameters
[global]
workgroup = TEST
realm = test.local
netbios name = BDC-SAMBA
server role = active directory domain controller
dns forwarder = 192.168.1.102
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/test.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[profiles]
path = /usr/local/samba/var/profiles
read only = No
root@bdc-samba:/usr/local/samba/etc#
2013/6/14 steve <st...@steve-ss.com>
> On Fri, 2013-06-14 at 18:05 +0400, Vladimir A Fomkin wrote:
> > Hello Marc!
> > Thank you for response!
> > I added this line to smb.conf on both the PDC and the BDC, but after sync the BDC
> > still does not give access. For files created by the same user I see UID 3000022
> > via the PDC and 3000019 via the BDC.
>
> Hi
> Make sure that you have the rfc2307 line in both the DC's. Add:
> uidNumber: 3000022
> to the DN of the user on one of the DC's. Wait a few minutes. Now
> create a file. It will have uid 3000022 no matter which DC is consulted.
> HTH
> Steve
>
>
--
С уважением,
Фомкин Владимир Андреевич
ICQ:220967838
Skype:vladimir.fomkin
http://vaf.net.ru
2013/6/17 steve <st...@steve-ss.com>
> Hi
> Just try adding the user anyway and let's see what happens:
>
> samba-tool user add tester4
>
>
--
С уважением,
Фомкин Владимир Андреевич
ICQ:220967838
Skype:vladimir.fomkin
http://vaf.net.ru
root@bdc-samba:~# /usr/local/samba/bin/samba-tool user list
tester4
vaf
tester
tester2
tester3
Administrator
krbtgt
Guest
root@bdc-samba:~#
2013/6/17 Vladimir A Fomkin <v...@vaf.net.ru>
root@debian-samba4:/usr/local/samba/private# /usr/local/samba/bin/ldbsearch
--url=/usr/local/samba/private/sam.ldb | grep tester4
sAMAccountName: tester4
userPrincipalName: tes...@test.local
root@debian-samba4:/usr/local/samba/private#
And I found where the UID is stored: /usr/local/samba/bin/ldbedit
--url=/usr/local/samba/private/idmap.ldb
On the PDC it shows (truncated):
# record 7
dn: CN=S-1-5-21-3451120384-2816699473-3647757164-1110
cn: S-1-5-21-3451120384-2816699473-3647757164-1110
objectClass: sidMap
objectSid: S-1-5-21-3451120384-2816699473-3647757164-1110
type: ID_TYPE_BOTH
xidNumber: 3000023
distinguishedName: CN=S-1-5-21-3451120384-2816699473-3647757164-1110
On the BDC it shows (truncated):
# record 5
dn: CN=S-1-5-21-3451120384-2816699473-3647757164-1110
cn: S-1-5-21-3451120384-2816699473-3647757164-1110
objectClass: sidMap
objectSid: S-1-5-21-3451120384-2816699473-3647757164-1110
type: ID_TYPE_BOTH
xidNumber: 3000020
distinguishedName: CN=S-1-5-21-3451120384-2816699473-3647757164-1110
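The SID is the same, but the xidNumber (UID) mapped to it is different on each DC! That matches the different file owner UIDs seen via the PDC and via the BDC.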
2013/6/17 steve <st...@steve-ss.com>
> On Mon, 2013-06-17 at 14:50 +0400, Vladimir A Fomkin wrote:
> > HI!
> > root@bdc-samba:~# /usr/local/samba/bin/samba-tool user add tester4
> > New Password:
> > Retype Password:
> > ERROR(ldb): Failed to add user 'tester4': - samldb: Account name
> > (sAMAccountName) 'tester4' already in use!
> > root@bdc-samba:~#
>
>
> Hi
> ldbsearch --url=/usr/local/samba/private/sam.ldb | grep tester4
>
>
>
>
--
С уважением,
Фомкин Владимир Андреевич
ICQ:220967838
Skype:vladimir.fomkin
http://vaf.net.ru
[global]
workgroup = TEST
realm = test.local
netbios name = BDC-SAMBA
server role = active directory domain controller
dns forwarder = 192.168.1.102
idmap config TEST:backend = rid
idmap config TEST:range = 4000000 - 5000000
idmap config TEST:schema_mode = rfc2307
idmap config *:backend = rid
root@bdc-samba:~# /usr/local/samba/bin/testparm -sv
/usr/local/samba/etc/smb.conf | grep backend
Load smb config files from /usr/local/samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[profiles]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC
passdb backend = samba_dsdb
idmap backend = tdb
share backend =
idmap config TEST:backend = rid
idmap config * : backend = rid
root@bdc-samba:~#
2013/6/17 Vladimir A Fomkin <v...@vaf.net.ru>
> Hi!
Rowland