Hello,
I am using Fedora core 6 on two servers. They are both running samba-3.0.24-1.fc6.

They are both joined to a active directory domain. When I execute the following command

getent group

The first groups returned on server 1 are

BRENTWOOD-BBC+domain computers:*:10038:
BRENTWOOD-BBC+domain controllers:*:10039:

the getent group command outputs for server 2

BRENTWOOD-BBC+domain computers:*:10037:
BRENTWOOD-BBC+domain controllers:*:10038:

As, you can see the group id's are different for both servers. This happens with all groups in the active directory. This causes a problem when I try to use samba to mount to a directory on server 2. The file permission get confused as the group id's are different. My, smb.conf is the same on both servers :-

smb.conf :-

realm = BRENTWOOD.LOCAL
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/BRENTWOOD-BBC/default
template shell = /bin/bash
winbind use default domain = false
winbind separator = +
winbind enum users = yes
winbind enum groups = yes

How do I match gid's on both servers? to allow me to match permission on both servers.

Many Thanks
Barry

should you not be using the MSSFU AD extensions and holding this data within AD / LDAP itself? never really used them myself but the mapping there is done on a per client basis, so not held centrally and allocated on a first come first served basis. check this http://www.samba.org/samba/docs/man/.../idmapper.html

In /etc/samba/smb.conf put the following:

Then delete the Samba ID Map Cache at

/var/cache/samba/group_mapping.tdb

Then you can restart samba and it will freshly map all your domain entities as they log in.

Thanks for your help in this thread. Changed over to MSSFU AD and everything worked fine.

Also, upgraded to samba-3.0.24-1.