After typing in the samba domain to change uid gid of domain users (idmap)?

0 like 0 dislike
25 views
I introduced a samba (Version 4.5.12-Debian) to the domain when it is configured prescribed:
idmap config * : range = 1422390000-1422399999
idmap config centr:schema_mode = rfc2307
centr idmap config:range = 1422390000-1422399999
centr idmap config:backend = hash
idmap config * : backend = ad

Everything works, getend passwd, and wbinfo shows users. With Windows clients in the domain folders open without a password.

Now, as an experiment changed:
this range 1422390000-1422399999 on 1442390000-1442399999 but the uid has changed, stelisti in the old range. I tried to withdraw and enter into the domain again, but it didn't help. Tried to change different backend (tdb, hash) but nothing changes.

I think that you need to remove a file after the withdrawal from the domain that you type it snogo created. But this assumption is simply.
by | 25 views

2 Answers

0 like 0 dislike
His own answer, in case you want.

This team look where you want to clean:
# smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
LOCKDIR: /usr/local/samba/var/lock/
STATEDIR: /usr/local/samba/var/locks/
CACHEDIR: /usr/local/samba/var/cache/
PRIVATE_DIR: /usr/local/samba/private/

And from all these directories to be deleted .and tdb .ldb files. So as winbind no longer starts because the files were gone, just translate in the domain and files to sozdajutsja and winbind starts.
by
0 like 0 dislike
Maybe a little late, but tinctures are not quite right:
idmap config * : range = 1422390000-1422399999
idmap config centr:schema_mode = rfc2307 <- uidNumber/gidNumber should be spelled out in the AD
centr idmap config:range = 1422390000-1422399999
centr idmap config:backend = hash <- should be "ad" because rfc2307, especially deprecated the hash (https://www.samba.org/samba/docs/current/man-html/...
idmap config * : backend = ad <- stitching is not true

idmpa_ad is used to ensure that multiple servers had the same uid/gid -> sid mappings. It may be worth it to use idmap_rid?

well, then winbind has a cache and it had to do was clear: "net cache flush" like
by

Related questions

0 like 0 dislike
1 answer
0 like 0 dislike
1 answer
0 like 0 dislike
5 answers
asked May 21, 2019 by tmman
0 like 0 dislike
2 answers
110,608 questions
257,186 answers
0 comments
32,707 users