|
From: | Rowland Penny |
Subject: | Re: [Gluster-devel] [Samba] Samba4: Strange Behaveiour On Home share with 2 DC replicating /vfs glusterfs |
Date: | Wed, 19 Feb 2014 12:29:07 +0000 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 |
On 19/02/14 11:12, Daniel Müller wrote:
Yes, but you will also have to give whatever windows groups that you want to use from linux (usually just Domain Users & Domain Admins) a gid number as well.So I will use ADUC and the UNIX option there nis-Domain ,uid?
Rowland
EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: address@hidden Internet: www.tropenklinik.de "Der Mensch ist die Medizin des Menschen" -----Ursprüngliche Nachricht----- Von: Rowland Penny [mailto:address@hidden Gesendet: Mittwoch, 19. Februar 2014 11:14 An: address@hidden; address@hidden Cc: address@hidden Betreff: Re: AW: [Samba] Samba4: Strange Behaveiour On Home share with 2 DC replicating /vfs glusterfs On 19/02/14 10:01, Daniel Müller wrote:Now how do I give them uids on creating? In practice suggestion from : https://wiki.samba.org/index.php/Adding_users_with_samba_tool for 50 Users can not be done. Seems even the groups uid in both DCs differ: ON DC1 TPLK\Enterprise Read-Only Domain Controllers:*:3000016: TPLK\Domain Admins:*:3000008: TPLK\Domain Users:*:100: TPLK\Domain Guests:*:3000012: TPLK\Domain Computers:*:3000017: TPLK\Domain Controllers:*:3000018: TPLK\Schema Admins:*:3000007: TPLK\Enterprise Admins:*:3000006: TPLK\Group Policy Creator Owners:*:3000004: TPLK\Read-Only Domain Controllers:*:3000019: TPLK\DnsUpdateProxy:*:3000020: ON DC2 TPLK\Enterprise Read-Only Domain Controllers:*:3000028: TPLK\Domain Admins:*:3000009: TPLK\Domain Users:*:100: TPLK\Domain Guests:*:3000003: TPLK\Domain Computers:*:3000019: TPLK\Domain Controllers:*:3000015: TPLK\Schema Admins:*:3000010: TPLK\Enterprise Admins:*:3000008: TPLK\Group Policy Creator Owners:*:3000007: TPLK\Read-Only Domain Controllers:*:3000029: TPLK\DnsUpdateProxy:*:3000030: EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: address@hidden Internet: www.tropenklinik.de "Der Mensch ist die Medizin des Menschen" -----Ursprüngliche Nachricht----- Von: Rowland Penny [mailto:address@hidden Gesendet: Mittwoch, 19. Februar 2014 10:40 An: address@hidden; address@hidden Cc: address@hidden Betreff: Re: [Samba] Samba4: Strange Behaveiour On Home share with 2 DC replicating /vfs glusterfs On 19/02/14 07:19, Daniel Müller wrote:There is a strange behaviour having two DCs joined in one Domain concerning the [home] share. The [home] is fixed on a replicating gluster volume on both DC. Now creating the users directory with ADUC ex.: \\s4master\home\%username% would do the necessary and the directory is created on both dcs. On the first DC all working fine without any issue but on the second the user cannot login their home shares pointing to ex: \\s4slave\home\testneu The reason is a different UID!? EX.: on the first DC 3000030 on the second 3000023!? How can I fix this? Greetings Daniel On DC1: [home] comment=home s4master verzeichnis auf gluster node1 vfs objects= recycle, glusterfs recycle:repository= /%P/%U/.Papierkorb glusterfs:volume= sambacluster glusterfs:volfile_server = 172.17.1.1 recycle:exclude = *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$* recycle:keeptree = Yes recycle:exclude_dir = .Papierkorb,tmp,temp,profile,.profile recycle:touch_mtime = yes recycle:versions = Yes msdfs root=yes path=/ads/home read only=no posix locking =NO kernel share modes = No address@hidden home]# getfacl testneu # file: testneu # owner: root # group: users user::rwx user:root:rwx user:3000000:rwx user:TPLK\134testneu:rwx group::--- group:users:--- group:3000000:rwx group:3000030:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:user:3000000:rwx default:user:TPLK\134testneu:rwx default:group::--- default:group:users:--- default:group:3000000:rwx default:group:3000030:rwx default:mask::rwx default:other::--- address@hidden home]# id testneu uid=3000030(TPLK\testneu) gid=100(users) Gruppen=100(users) On DC2: [home] comment=home s4slave verzeichnis auf gluster node2 vfs objects= recycle, glusterfs recycle:repository= /%P/%U/.Papierkorb glusterfs:volume= sambacluster glusterfs:volfile_server = 172.17.1.2 recycle:exclude = *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$* recycle:keeptree = Yes recycle:exclude_dir = .Papierkorb,tmp,temp,profile,.profile recycle:touch_mtime = yes recycle:versions = Yes msdfs root=yes path=/ads/home read only=no posix locking =NO kernel share modes = No address@hidden home]# getfacl testneu # file: testneu # owner: root # group: users user::rwx user:root:rwx user:3000000:rwx user:3000030:rwx group::--- group:users:--- group:3000000:rwx group:3000030:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:user:3000000:rwx default:user:3000030:rwx default:group::--- default:group:users:--- default:group:3000000:rwx default:group:3000030:rwx default:mask::rwx default:other::--- address@hidden home]# id testneu uid=3000023(TPLK\testneu) gid=100(users) Gruppen=100(users) <---should be the same as DC1!? EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: address@hidden Internet: www.tropenklinik.de "Der Mensch ist die Medizin des Menschen"Fairly easily, give your users uidNumber's & gidNumber's RowlandThe problem here is that the numbers you are referring to, are actually xidNumbers from idmap.ldb, you can confirm this by opening idmap.ldb with ldbedit: ldbedit -e <your favorite editor> --url=/path/to/idmap.ldb If you compiled samba4 yourself: ldbedit -e nano --url=/usr/local/samba/private/idmap.ldb If you give your groups a gidNumber and then your users a uidNumber and the relevant gidNumber, the xidNumbers will be overridden and the uidNumber's & gidNumbers used instead. Probably the easiest way of doing this would be to use ADUC on a windows client, if you do not have any windows clients, then I am sorry but you will have to resort to ldbmodify and ldif's. Rowland
[Prev in Thread] | Current Thread | [Next in Thread] |