Re: [Gluster-devel] [Samba] Samba4: Strange Behaveiour On Home share with 2 DC replicating /vfs glusterfs

[Rowland Penny]

On 19/02/14 10:01, Daniel Müller wrote:
> Now how do I give them uids on creating?
> In practice suggestion from :
> https://wiki.samba.org/index.php/Adding_users_with_samba_tool
> for 50 Users can not be done.
> Seems even the groups uid in both DCs differ:
> ON DC1
>
> TPLK\Enterprise Read-Only Domain Controllers:*:3000016:
> TPLK\Domain Admins:*:3000008:
> TPLK\Domain Users:*:100:
> TPLK\Domain Guests:*:3000012:
> TPLK\Domain Computers:*:3000017:
> TPLK\Domain Controllers:*:3000018:
> TPLK\Schema Admins:*:3000007:
> TPLK\Enterprise Admins:*:3000006:
> TPLK\Group Policy Creator Owners:*:3000004:
> TPLK\Read-Only Domain Controllers:*:3000019:
> TPLK\DnsUpdateProxy:*:3000020:
>
> ON DC2
>
> TPLK\Enterprise Read-Only Domain Controllers:*:3000028:
> TPLK\Domain Admins:*:3000009:
> TPLK\Domain Users:*:100:
> TPLK\Domain Guests:*:3000003:
> TPLK\Domain Computers:*:3000019:
> TPLK\Domain Controllers:*:3000015:
> TPLK\Schema Admins:*:3000010:
> TPLK\Enterprise Admins:*:3000008:
> TPLK\Group Policy Creator Owners:*:3000007:
> TPLK\Read-Only Domain Controllers:*:3000029:
> TPLK\DnsUpdateProxy:*:3000030:
>
>
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: address@hidden
> Internet: www.tropenklinik.de
> "Der Mensch ist die Medizin des Menschen"
>
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: Rowland Penny [mailto:address@hidden
> Gesendet: Mittwoch, 19. Februar 2014 10:40
> An: address@hidden; address@hidden
> Cc: address@hidden
> Betreff: Re: [Samba] Samba4: Strange Behaveiour On Home share with 2 DC
> replicating /vfs glusterfs
>
> On 19/02/14 07:19, Daniel Müller wrote:
> > There is a strange behaviour having two DCs joined in one Domain
> > concerning the  [home] share.
> > The [home] is fixed on a replicating gluster volume on both DC.
> > Now creating the users directory with ADUC ex.:
> > \\s4master\home\%username% would do the necessary and the directory is
> > created on both dcs. On the first DC all working fine without any
> > issue but on the second the user cannot login their home shares
> > pointing to ex: \\s4slave\home\testneu The reason is a different UID!?
> > EX.: on the first DC 3000030 on the second 3000023!?
> > How can I fix this?
> >
> > Greetings Daniel
> >
> >
> >
> >
> >
> >
> >
> >
> > On DC1:
> >
> >
> > [home]
> > comment=home s4master verzeichnis auf gluster node1 vfs objects=
> > recycle, glusterfs recycle:repository= /%P/%U/.Papierkorb
> > glusterfs:volume= sambacluster glusterfs:volfile_server = 172.17.1.1
> > recycle:exclude = *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$*
> > recycle:keeptree = Yes
> > recycle:exclude_dir = .Papierkorb,tmp,temp,profile,.profile
> > recycle:touch_mtime = yes
> > recycle:versions = Yes
> > msdfs root=yes
> > path=/ads/home
> > read only=no
> > posix locking =NO
> > kernel share modes = No
> >
> >
> >
> >
> > address@hidden home]# getfacl testneu
> > # file: testneu
> > # owner: root
> > # group: users
> > user::rwx
> > user:root:rwx
> > user:3000000:rwx
> > user:TPLK\134testneu:rwx
> > group::---
> > group:users:---
> > group:3000000:rwx
> > group:3000030:rwx
> > mask::rwx
> > other::---
> > default:user::rwx
> > default:user:root:rwx
> > default:user:3000000:rwx
> > default:user:TPLK\134testneu:rwx
> > default:group::---
> > default:group:users:---
> > default:group:3000000:rwx
> > default:group:3000030:rwx
> > default:mask::rwx
> > default:other::---
> >
> > address@hidden home]# id testneu
> > uid=3000030(TPLK\testneu) gid=100(users) Gruppen=100(users)
> >
> > On DC2:
> > [home]
> > comment=home s4slave verzeichnis auf gluster node2 vfs objects=
> > recycle, glusterfs recycle:repository= /%P/%U/.Papierkorb
> > glusterfs:volume= sambacluster glusterfs:volfile_server = 172.17.1.2
> > recycle:exclude = *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$*
> > recycle:keeptree = Yes
> > recycle:exclude_dir = .Papierkorb,tmp,temp,profile,.profile
> > recycle:touch_mtime = yes
> > recycle:versions = Yes
> > msdfs root=yes
> > path=/ads/home
> > read only=no
> > posix locking =NO
> > kernel share modes = No
> >
> > address@hidden home]# getfacl testneu
> > # file: testneu
> > # owner: root
> > # group: users
> > user::rwx
> > user:root:rwx
> > user:3000000:rwx
> > user:3000030:rwx
> > group::---
> > group:users:---
> > group:3000000:rwx
> > group:3000030:rwx
> > mask::rwx
> > other::---
> > default:user::rwx
> > default:user:root:rwx
> > default:user:3000000:rwx
> > default:user:3000030:rwx
> > default:group::---
> > default:group:users:---
> > default:group:3000000:rwx
> > default:group:3000030:rwx
> > default:mask::rwx
> > default:other::---
> >
> > address@hidden home]# id testneu
> > uid=3000023(TPLK\testneu) gid=100(users) Gruppen=100(users) <---should
> > be the same as DC1!?
> >
> >
> >
> > EDV Daniel Müller
> >
> > Leitung EDV
> > Tropenklinik Paul-Lechler-Krankenhaus
> > Paul-Lechler-Str. 24
> > 72076 Tübingen
> > Tel.: 07071/206-463, Fax: 07071/206-499
> > eMail: address@hidden
> > Internet: www.tropenklinik.de
> > "Der Mensch ist die Medizin des Menschen"
> Fairly easily, give your users uidNumber's & gidNumber's
>
> Rowland
The problem here is that the numbers you are referring to, are actually 
xidNumbers from idmap.ldb, you can confirm this by opening idmap.ldb 
with ldbedit:

ldbedit -e <your favorite editor> --url=/path/to/idmap.ldb

If you compiled samba4 yourself:

ldbedit -e nano --url=/usr/local/samba/private/idmap.ldb

If you give your groups a gidNumber and then your users a uidNumber and 
the relevant gidNumber, the xidNumbers will be overridden and the 
uidNumber's & gidNumbers used instead.

Probably the easiest way of doing this would be to use ADUC on a windows 
client, if you do not have any windows clients, then I am sorry but you 
will have to resort to ldbmodify and ldif's.

Rowland