Re: [Samba] Replace AD DC FS with 2 new servers


So I added a second DC with the rfc2307 option. It replicates and I auth works. yay.

>> Does this also mean that the member server that will act as a file
>> server should have idmap config = ad?

> Only if you have manually added uidNumber & gidNumber attributes to AD

I belive the microsoft admin tools have always been used to add users and groups

Is 'idmap rid' a better choice than ad? Can I still copy files with rsync in that case or will file ownership be mangled?

>> The documentation is not clear to me, in the wiki for setting up a
>> domain controller it is recommended to use rfc2307 but in the wiki on
>> how to set that up it is recommended to _not_ use rfc2307 in a DC.

> No, I think you mean that you should provision with 'use-rfc2307' but it
> is not recommended to use a DC as a fileserver.

As I already added the new DC, this doesn't matter anymore. However:

'When provisioning a new AD, it is recommended to enable the NIS extensions by passing the --use-rfc2307 parameter ...'
from: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

'It is recommended not to use those mappings on the DCs'
from: https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD

Thanks for your input, much appreciated!


