Samba4 AD - restore procedure messing up UID's and share acls?
by Obig from LinuxQuestions.org on (#4SH10)
Hi All,
We're currently testing Samba 4.9.4 to implement as an AD.
Setting up DC's and replicating, user management, LDAP queries all work fine but we're hitting a few hickups in the testing of the backup / restore and also with the RODC.
The most important is the backup and restore off course.
We installed 3 DC's, on one we created a file share to map a drive for a test pc. We set some access rights on some folders.
Backup procedure works fine (Online Backup)
samba-tool domain backup online --targetdir=<output-dir> --server=<DC-server> -UAdministrator
Then to test the restore we follow the Samba Procedure:
Stop Samba on all DC's --> all good
Restore the backup to a new machine and give it a name not existing in the AD yet. --> all good
Rejoing the DC's to the new domain --> all good
Check replication of the domain --> all good
Replicate sysvol --> did that manually for testing purposes (not using rsynch as we would in production)
Our AD seems up and running, users and OU's all there, we can create and manage AD.
PROBLEM: file share isn't working anymore, actually the User ID's seem to have changed.
Tried doing a copy of the idmap but stays the same
Any ideas? I was thinking about the idmap backend to RID, would this fix this issue?
Would be carnage if ever we had an incident and 2500 users get they're file shares messed up.
For the RODC, we don't seem to be able to get it up and working properly with caching passwords for the local users. We want the RODC to be a caching server holding the local file shares so they do'nt have to authenticate over the WAN each time.
Any tips or tricks are much appreciated.
We're currently testing Samba 4.9.4 to implement as an AD.
Setting up DC's and replicating, user management, LDAP queries all work fine but we're hitting a few hickups in the testing of the backup / restore and also with the RODC.
The most important is the backup and restore off course.
We installed 3 DC's, on one we created a file share to map a drive for a test pc. We set some access rights on some folders.
Backup procedure works fine (Online Backup)
samba-tool domain backup online --targetdir=<output-dir> --server=<DC-server> -UAdministrator
Then to test the restore we follow the Samba Procedure:
Stop Samba on all DC's --> all good
Restore the backup to a new machine and give it a name not existing in the AD yet. --> all good
Rejoing the DC's to the new domain --> all good
Check replication of the domain --> all good
Replicate sysvol --> did that manually for testing purposes (not using rsynch as we would in production)
Our AD seems up and running, users and OU's all there, we can create and manage AD.
PROBLEM: file share isn't working anymore, actually the User ID's seem to have changed.
Tried doing a copy of the idmap but stays the same
Any ideas? I was thinking about the idmap backend to RID, would this fix this issue?
Would be carnage if ever we had an incident and 2500 users get they're file shares messed up.
For the RODC, we don't seem to be able to get it up and working properly with caching passwords for the local users. We want the RODC to be a caching server holding the local file shares so they do'nt have to authenticate over the WAN each time.
Any tips or tricks are much appreciated.