winbind Active directory guid mapping problem fc6
Hello,
I am using Fedora core 6 on two servers. They are both running samba-3.0.24-1.fc6. They are both joined to a active directory domain. When I execute the following command getent group The first groups returned on server 1 are BRENTWOOD-BBC+domain computers:*:10038: BRENTWOOD-BBC+domain controllers:*:10039: the getent group command outputs for server 2 BRENTWOOD-BBC+domain computers:*:10037: BRENTWOOD-BBC+domain controllers:*:10038: As, you can see the group id's are different for both servers. This happens with all groups in the active directory. This causes a problem when I try to use samba to mount to a directory on server 2. The file permission get confused as the group id's are different. My, smb.conf is the same on both servers :- smb.conf :- realm = BRENTWOOD.LOCAL idmap uid = 10000-20000 idmap gid = 10000-20000 template homedir = /home/BRENTWOOD-BBC/default template shell = /bin/bash winbind use default domain = false winbind separator = + winbind enum users = yes winbind enum groups = yes How do I match gid's on both servers? to allow me to match permission on both servers. Many Thanks Barry |
should you not be using the MSSFU AD extensions and holding this data within AD / LDAP itself? never really used them myself but the mapping there is done on a per client basis, so not held centrally and allocated on a first come first served basis. check this http://www.samba.org/samba/docs/man/.../idmapper.html
|
Flush Your ID Map Cache Too
In /etc/samba/smb.conf put the following:
Code:
idmap uid = 16777216-33554431 /var/cache/samba/group_mapping.tdb Then you can restart samba and it will freshly map all your domain entities as they log in. |
Thanks for your help in this thread. Changed over to MSSFU AD and everything worked fine.
Also, upgraded to samba-3.0.24-1. |
All times are GMT -5. The time now is 11:29 PM. |