Re: [Samba] Replace AD DC FS with 2 new servers
- Date: Mon, 26 Nov 2018 15:27:28 +0100
- From: Mark Amundsen via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Replace AD DC FS with 2 new servers
So I added a second DC with the rfc2307 option. It replicates and I auth works. yay.
>> Does this also mean that the member server that will act as a file
>> server should have idmap config = ad?
> Only if you have manually added uidNumber & gidNumber attributes to AD
I belive the microsoft admin tools have always been used to add users and groups
Is 'idmap rid' a better choice than ad? Can I still copy files with rsync in that case or will file ownership be mangled?
>> The documentation is not clear to me, in the wiki for setting up a
>> domain controller it is recommended to use rfc2307 but in the wiki on
>> how to set that up it is recommended to _not_ use rfc2307 in a DC.
> No, I think you mean that you should provision with 'use-rfc2307' but it
> is not recommended to use a DC as a fileserver.
As I already added the new DC, this doesn't matter anymore. However:
'When provisioning a new AD, it is recommended to enable the NIS extensions by passing the --use-rfc2307 parameter ...'
'It is recommended not to use those mappings on the DCs'
Thanks for your input, much appreciated!
To unsubscribe from this list go to the following URL and read the