On 25/08/13 08:56, steve wrote:
On Sat, 2013-08-24 at 23:02 +0000, dahopk...@comcast.net wrote:


Notice that the group id and uid are both different. Why?
How did you provision the second DC? Are they replicating OK? When they
are, both DCs need:
idmap_ldb:use rfc2307 = Yes
in the [global] of their smb.conf

On either DC, winbind will only pull uid and gid from AD. If you want to
see all of rfc2307, you must use sssd or nslcd. Then getent passwd will
show not only the correct uidNumber and gidNumber, but also the
loginShell and unixHomeDirectory too.

Advice: don't use Test24.User as a username for debugging. Lose the
capitalisation and the dot.
HTH
Steve


Hi Steve, I think that you have inadvertently found a bug. I have never run wbinfo -i on my second AD server, so I tried it and got this:

root@dc2:~# getent passwd user
user:*:3001106:20513:user:/DOMAIN/DOMAIN/user:to/bin/bash
root@dc2:~# wbinfo -i user
DOMAIN\user:*:3000007:100::/DOMAIN/DOMAIN/user:/bin/false

Hmm, something wrong there, looked in the smb.conf created by the join:

samba-tool domain join example.com DC -Uadministrator --realm=example.com --dns-backend=BIND9_DLZ

There was no line: 'idmap_ldb:use rfc2307 = Yes' even though it exists in the main dc smb.conf.

So I added it, restarted Samba 4 and now get this:

root@dc2:~# getent passwd user
user:*:3001106:20513:user:/home/HOME/user:/bin/bash
root@dc2:~# wbinfo -i user
HOME\user:*:3001106:20513::/home/HOME/user:/bin/false

So it would seem that any secondary DC that is created is not set up to use RFC2307 even if the main DC is.

Rowland
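
A check for the condition reported in this thread, as an added example that is not part of the original messages: it tests whether the [global] section of an smb.conf enables 'idmap_ldb:use rfc2307' and whether the uid and gid in a getent passwd line match those in a wbinfo -i line. The function names are hypothetical, the smb.conf is read on stdin, and yes/true/on/1 are taken as true values; the sample lines are the dc2 outputs quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: offline checks for the symptom above.

# rfc2307_enabled: read an smb.conf on stdin; succeed only if [global] sets
# 'idmap_ldb:use rfc2307' to a true value (the last assignment wins).
rfc2307_enabled() {
    awk '
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # section header
            sect = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sect); next
        }
        sect == "global" {
            eq = index($0, "="); if (!eq) next
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "idmap_ldb:use rfc2307") on = (val ~ /^(yes|true|on|1)$/)
        }
        END { exit(on ? 0 : 1) }
    '
}

# passwd_ids LINE: print "uid:gid" from one passwd-format line.
passwd_ids() { printf '%s\n' "$1" | awk -F: '{ print $3 ":" $4 }'; }

# ids_consistent GETENT_LINE WBINFO_LINE: succeed if uid and gid both match.
ids_consistent() { [ "$(passwd_ids "$1")" = "$(passwd_ids "$2")" ]; }

# check_user USER: the same comparison against live output on a DC.
check_user() { ids_consistent "$(getent passwd "$1")" "$(wbinfo -i "$1")"; }

# Outputs quoted in the thread (dc2, before and after the smb.conf change).
BEFORE_GETENT='user:*:3001106:20513:user:/DOMAIN/DOMAIN/user:to/bin/bash'
BEFORE_WBINFO='DOMAIN\user:*:3000007:100::/DOMAIN/DOMAIN/user:/bin/false'
AFTER_GETENT='user:*:3001106:20513:user:/home/HOME/user:/bin/bash'
AFTER_WBINFO='HOME\user:*:3001106:20513::/home/HOME/user:/bin/false'

for state in BEFORE AFTER; do
    eval "g=\$${state}_GETENT; w=\$${state}_WBINFO"
    if ids_consistent "$g" "$w"; then
        echo "$state: uid/gid agree ($(passwd_ids "$g"))"
    else
        echo "$state: uid/gid differ ($(passwd_ids "$g") vs $(passwd_ids "$w"))"
    fi
done
```

On a DC, feed the live file with `rfc2307_enabled < /path/to/smb.conf` (the path depends on how Samba was built) and run `check_user user` after restarting Samba.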