Web lists-archives.com

Re: [Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs

Jonathon and Rowland, are you  sure the command you are referring to here is net cache clear for clearing the cache? I couldnt see this in the manpage for net cache.
There is a 'net cache flush' command though?



On 26/03/2019 11:56, Rowland Penny via samba wrote:
On Tue, 26 Mar 2019 07:37:54 -0400
Jonathon Reinhart via samba <samba@xxxxxxxxxxxxxxx> wrote:

I recently went through these steps from the wiki and took the
following notes which I had not yet shared / suggested for the wiki.
(This is from mobile, sorry for the terse message.)

- You need to clear the idmap cache after copying idmap.ldb ("net
cache clear") otherwise you could have stale entries hanging around.
I have added that.

- You need to sync SysVol before running sysvol reset, because
samba-tool falls on its face if that directory is empty.
This has also been added.

- The initial permissions of the the stuff in Sysvol didn't match what
"sysvol reset" wanted. I'm not sure who initially created the stuff
with bad permissions.
I have been saying this for years, the permissions set on a Samba AD DC
do not appear to match what a Windows DC uses.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba