1
Directory and Authentication / OU "groups" not show in RSAT
« on: October 21, 2021, 05:32:36 pm »
Hello,
I have a Zentyal 7.0 instance with Samba AD. It is working correctly as far as I know. There is an OU called "Groups", which seems to be created by default. I have created a few groups there and have used them in the fileserver to assign permissions to folders without issues.
Now I wanted to move those groups to another OU using RSAT on a Windows host, but RSAT does not show that "Groups" OU.
I know I can use samba-tool to move the groups to another OU, but why is that "Groups" not shown in RSAT? Other OUs are shown correctly.
Thanks in advance.
2
Directory and Authentication / Two domain controllers, sysvol replication and idmap.ldb
« on: September 21, 2021, 10:30:18 am »
Hello,
I have two domain controllers using Zentyal 7, dc01 and dc02. dc01 has all the FSMO roles and was the first installed with a new domain. Then I added dc02 and everything seems to be working fine. I have unidirectional sysvol replication using lrsync from dc01 to dc02 and all admin consoles are set up to connect to dc01 to edit GPO, users/groups, etc.
Now I was thinking about implementing bidirectional replication, but checking the official Samba docs (https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround#Setup_on_all_other_Domain_Controller.28s.29), I read "Make sure, that you have identical IDs of built-in groups on all DCs". That means creating a copy of /usr/local/samba/private/idmap.ldb and placing it in the additional DCs.
My problem is that /usr/local/samba/private/idmap.ldb is NOT identical in both DCs. The one in dc01 has 69 entries and that in dc02 has 82. I can't figure out why dc02 has more entries than dc01, given that the latter is the FSMO roles owner and has always been.
Should I copy /usr/local/samba/private/idmap.ldb from dc01 to dc02?
What is that file used for in Zentyal?
Does Zentyal create that copy of /usr/local/samba/private/idmap.ldb when adding itself as an additional controller?
Thanks in advance.