Hi,

I've configured 2 RHEL4 boxes running samba-3.0.10-1.4E to join our W2K AD domain and run as member servers. wbinfo -u/-g and getent passwd/group work OK and resolve users within the domain, and I've created a test share with domain permissions that we can copy to etc.

So now I've reached a bit of a crossroads. As I understand it, winbind maps the domain SIDs to UIDs/GIDs on a random basis, but as the 2 boxes will eventually form part of a cluster I need to make sure that the ID mappings are identical on each box, otherwise I'll have a hell of a job when failing over.

Looking through the Samba How-To and By-Example documentation to check current configuration, it doesn't seem to be clear (at least to me :) ) what the best/recommended practice is in this situation. Can I use AD as the LDAP backend? Should I use IDMAP_RID and replicate the .tdb files between nodes - there are 30,000+ accounts in AD? Would I even have to replicate the .tdb if it uses a predictable mapping system? Or is configuring a second LDAP server to store the mapped IDs my only option?

If anyone has any experience or knowledge I'd love to hear from you.
Cheers. Simon