[Gluster-devel] [Samba] Samba4: Strange Behaviour On Home share with 2 DC replicating /vfs glusterfs

Rowland Penny rowlandpenny at googlemail.com
Wed Feb 19 10:13:38 UTC 2014


On 19/02/14 10:01, Daniel Müller wrote:
> Now how do I give them uids on creating?
> In practice, the suggestion from
> https://wiki.samba.org/index.php/Adding_users_with_samba_tool
> cannot be done for 50 users.
> It seems even the groups' uids differ between the two DCs:
> ON DC1
>
> TPLK\Enterprise Read-Only Domain Controllers:*:3000016:
> TPLK\Domain Admins:*:3000008:
> TPLK\Domain Users:*:100:
> TPLK\Domain Guests:*:3000012:
> TPLK\Domain Computers:*:3000017:
> TPLK\Domain Controllers:*:3000018:
> TPLK\Schema Admins:*:3000007:
> TPLK\Enterprise Admins:*:3000006:
> TPLK\Group Policy Creator Owners:*:3000004:
> TPLK\Read-Only Domain Controllers:*:3000019:
> TPLK\DnsUpdateProxy:*:3000020:
>
> ON DC2
>
> TPLK\Enterprise Read-Only Domain Controllers:*:3000028:
> TPLK\Domain Admins:*:3000009:
> TPLK\Domain Users:*:100:
> TPLK\Domain Guests:*:3000003:
> TPLK\Domain Computers:*:3000019:
> TPLK\Domain Controllers:*:3000015:
> TPLK\Schema Admins:*:3000010:
> TPLK\Enterprise Admins:*:3000008:
> TPLK\Group Policy Creator Owners:*:3000007:
> TPLK\Read-Only Domain Controllers:*:3000029:
> TPLK\DnsUpdateProxy:*:3000030:
>
>
> EDV Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> "Man is the medicine of man"
>
> -----Original Message-----
> From: Rowland Penny [mailto:rowlandpenny at googlemail.com]
> Sent: Wednesday, 19 February 2014 10:40
> To: mueller at tropenklinik.de; samba at lists.samba.org
> Cc: gluster-devel at nongnu.org
> Subject: Re: [Samba] Samba4: Strange Behaviour On Home share with 2 DC
> replicating /vfs glusterfs
>
> On 19/02/14 07:19, Daniel Müller wrote:
>> There is a strange behaviour having two DCs joined in one Domain
>> concerning the  [home] share.
>> The [home] is fixed on a replicating gluster volume on both DC.
>> Now creating the users directory with ADUC ex.:
>> \\s4master\home\%username% would do the necessary and the directory is
>> created on both dcs. On the first DC all working fine without any
>> issue but on the second the user cannot login their home shares
>> pointing to ex: \\s4slave\home\testneu The reason is a different UID!?
>> EX.: on the first DC 3000030 on the second 3000023!?
>> How can I fix this?
>>
>> Greetings Daniel
>>
>>
>>
>>
>>
>>
>>
>>
>> On DC1:
>>
>>
>> [home]
>> comment=home s4master verzeichnis auf gluster node1
>> vfs objects= recycle, glusterfs
>> recycle:repository= /%P/%U/.Papierkorb
>> glusterfs:volume= sambacluster
>> glusterfs:volfile_server = 172.17.1.1
>> recycle:exclude = *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$*
>> recycle:keeptree = Yes
>> recycle:exclude_dir = .Papierkorb,tmp,temp,profile,.profile
>> recycle:touch_mtime = yes
>> recycle:versions = Yes
>> msdfs root=yes
>> path=/ads/home
>> read only=no
>> posix locking =NO
>> kernel share modes = No
>>
>>
>>
>>
>> [root at s4master home]# getfacl testneu
>> # file: testneu
>> # owner: root
>> # group: users
>> user::rwx
>> user:root:rwx
>> user:3000000:rwx
>> user:TPLK\134testneu:rwx
>> group::---
>> group:users:---
>> group:3000000:rwx
>> group:3000030:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:root:rwx
>> default:user:3000000:rwx
>> default:user:TPLK\134testneu:rwx
>> default:group::---
>> default:group:users:---
>> default:group:3000000:rwx
>> default:group:3000030:rwx
>> default:mask::rwx
>> default:other::---
>>
>> [root at s4master home]# id testneu
>> uid=3000030(TPLK\testneu) gid=100(users) Gruppen=100(users)
>>
>> On DC2:
>> [home]
>> comment=home s4slave verzeichnis auf gluster node2
>> vfs objects= recycle, glusterfs
>> recycle:repository= /%P/%U/.Papierkorb
>> glusterfs:volume= sambacluster
>> glusterfs:volfile_server = 172.17.1.2
>> recycle:exclude = *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$*
>> recycle:keeptree = Yes
>> recycle:exclude_dir = .Papierkorb,tmp,temp,profile,.profile
>> recycle:touch_mtime = yes
>> recycle:versions = Yes
>> msdfs root=yes
>> path=/ads/home
>> read only=no
>> posix locking =NO
>> kernel share modes = No
>>
>> [root at s4slave home]# getfacl testneu
>> # file: testneu
>> # owner: root
>> # group: users
>> user::rwx
>> user:root:rwx
>> user:3000000:rwx
>> user:3000030:rwx
>> group::---
>> group:users:---
>> group:3000000:rwx
>> group:3000030:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:root:rwx
>> default:user:3000000:rwx
>> default:user:3000030:rwx
>> default:group::---
>> default:group:users:---
>> default:group:3000000:rwx
>> default:group:3000030:rwx
>> default:mask::rwx
>> default:other::---
>>
>> [root at s4slave home]# id testneu
>> uid=3000023(TPLK\testneu) gid=100(users) Gruppen=100(users) <---should
>> be the same as DC1!?
>>
>>
>>
>> EDV Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>> "Man is the medicine of man"
>>
> Fairly easily, give your users uidNumbers & gidNumbers
>
> Rowland
>
>
The problem here is that the numbers you are referring to are actually
xidNumbers from idmap.ldb. You can confirm this by opening idmap.ldb
with ldbedit:

ldbedit -e <your favorite editor> --url=/path/to/idmap.ldb

If you compiled Samba4 yourself:

ldbedit -e nano --url=/usr/local/samba/private/idmap.ldb

If you give your groups a gidNumber and then your users a uidNumber and
the relevant gidNumber, the xidNumbers will be overridden and the
uidNumbers & gidNumbers used instead.

Probably the easiest way of doing this would be to use ADUC on a Windows
client. If you do not have any Windows clients, then I am sorry but you
will have to resort to ldbmodify and LDIFs.

Rowland
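
Added example, not part of the original message and not Samba's own code: the quoted listings show the same numeric ID naming different groups on each DC (3000008 is Domain Admins on DC1 but Enterprise Admins on DC2), so an ACL entry on the replicated volume resolves differently per node. The sketch below finds such drift and collisions and writes LDIF for ldbmodify; the base DN and the starting gidNumber are assumptions, and the input is a subset of the listings quoted above.

```python
# Added example, not from the thread: detect ID drift between two DCs and
# emit LDIF for ldbmodify that pins a gidNumber on each drifting group.
BASE_DN = "CN=Users,DC=example,DC=com"  # placeholder: use your own domain DN
FIRST_GID = 10000                       # assumed start of an unused ID range

# Subset of the two group listings quoted in the thread.
DC1 = r"""TPLK\Domain Admins:*:3000008:
TPLK\Domain Users:*:100:
TPLK\Schema Admins:*:3000007:
TPLK\Enterprise Admins:*:3000006:
TPLK\Group Policy Creator Owners:*:3000004:"""
DC2 = r"""TPLK\Domain Admins:*:3000009:
TPLK\Domain Users:*:100:
TPLK\Schema Admins:*:3000010:
TPLK\Enterprise Admins:*:3000008:
TPLK\Group Policy Creator Owners:*:3000007:"""

def parse(listing):
    """Map group name (domain prefix stripped) to its numeric ID."""
    ids = {}
    for line in listing.splitlines():
        if line.strip():
            name, _, gid = line.strip().rstrip(":").split(":")
            ids[name.split("\\", 1)[-1]] = int(gid)
    return ids

def drift(a, b):
    """Groups known to both DCs whose numeric IDs differ."""
    return sorted(n for n in a.keys() & b.keys() if a[n] != b[n])

def collisions(a, b):
    """IDs that name one group on the first DC and another on the second."""
    other = {gid: n for n, gid in b.items()}
    return {gid: (n, other[gid]) for n, gid in a.items()
            if gid in other and other[gid] != n}

def ldif(names, base_dn=BASE_DN, first=FIRST_GID):
    """One modify record per group; 'replace' also creates a missing value."""
    return "\n".join(
        f"dn: CN={n},{base_dn}\nchangetype: modify\n"
        f"replace: gidNumber\ngidNumber: {first + i}\n"
        for i, n in enumerate(names))

if __name__ == "__main__":
    a, b = parse(DC1), parse(DC2)
    for gid, (n1, n2) in sorted(collisions(a, b).items()):
        print(f"ID {gid}: '{n1}' on DC1 but '{n2}' on DC2")
    print(ldif(drift(a, b)))
```

Review the generated LDIF before applying it, and re-check existing ACLs on the shared volume afterwards, since entries stored under the old xidNumbers are not rewritten by this change.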



