我有两台 Linux 服务器使用 Samba/Winbind 连接到 Active Directory Windows 2008 服务器,这是我的 Samba 配置
workgroup = COMPANY
realm = COMPANY.COM
server string = SAMBA-AD Server
security = ADS
password server = 10.1.x.x
log level = 2
log file = /var/log/samba/log.%m
max log size = 50
unix extensions = No
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%u
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
两者的配置完全相同,但是,当我运行时getent group,列出的 GID 是不同的,即使范围完全相同,从 10000 到 20000。
在 Linux 服务器 A 上:
domain computers:*:10011:
在 Linux 服务器 B 上:
domain computers:*:10008:
它似乎不是从 10000 开始的。
我怎样才能在两个 Linux 服务器上精确同步 GID?非常感谢您的帮助!
编辑:@larsks,我尝试添加 idmap_rid,这是最新的配置:
workgroup = COMPANY
realm = COMPANY.COM
server string = SAMBA-AD Server
security = ADS
password server = 10.1.xx.xx
log file = /var/log/samba/log.%m
max log size = 50
unix extensions = No
idmap config COMPANY:backend = rid
idmap config COMPANY:base_rid = 1000
idmap config COMPANY:range = 10000 - 20000
template homedir = /home/%u
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
hosts allow = 127., 192.168.12., 192.168.13., 10.1.11., 10.2.,
wide links = Yes
我删除了 idmap gid = 10000-20000。
我需要删除吗winbind enum groups = Yes?
然而,在添加 idmap_rid 之后,即使我重新启动 winbind / samba,GID 仍然保持不变。