[Gluster-devel] [Samba] Samba4: Strange Behaveiour On Home share with 2 DC replicating /vfs glusterfs

Rowland Penny rowlandpenny at googlemail.com
Wed Feb 19 12:29:07 UTC 2014 

On 19/02/14 11:12, Daniel Müller wrote:
> So I will use ADUC and the UNIX option there nis-Domain ,uid?
Yes, but you will also have to give whatever windows groups that you 
want to use from linux (usually just Domain Users & Domain Admins) a gid 
number as well.

Rowland
>
>
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> "Der Mensch ist die Medizin des Menschen"
>
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: Rowland Penny [mailto:rowlandpenny at googlemail.com]
> Gesendet: Mittwoch, 19. Februar 2014 11:14
> An: mueller at tropenklinik.de; samba at lists.samba.org
> Cc: gluster-devel at nongnu.org
> Betreff: Re: AW: [Samba] Samba4: Strange Behaveiour On Home share with 2 DC
> replicating /vfs glusterfs
>
> On 19/02/14 10:01, Daniel Müller wrote:
>> Now how do I give them uids on creating?
>> In practice suggestion from :
>> https://wiki.samba.org/index.php/Adding_users_with_samba_tool
>> for 50 Users can not be done.
>> Seems even the groups uid in both DCs differ:
>> ON DC1
>>
>> TPLK\Enterprise Read-Only Domain Controllers:*:3000016:
>> TPLK\Domain Admins:*:3000008:
>> TPLK\Domain Users:*:100:
>> TPLK\Domain Guests:*:3000012:
>> TPLK\Domain Computers:*:3000017:
>> TPLK\Domain Controllers:*:3000018:
>> TPLK\Schema Admins:*:3000007:
>> TPLK\Enterprise Admins:*:3000006:
>> TPLK\Group Policy Creator Owners:*:3000004:
>> TPLK\Read-Only Domain Controllers:*:3000019:
>> TPLK\DnsUpdateProxy:*:3000020:
>>
>> ON DC2
>>
>> TPLK\Enterprise Read-Only Domain Controllers:*:3000028:
>> TPLK\Domain Admins:*:3000009:
>> TPLK\Domain Users:*:100:
>> TPLK\Domain Guests:*:3000003:
>> TPLK\Domain Computers:*:3000019:
>> TPLK\Domain Controllers:*:3000015:
>> TPLK\Schema Admins:*:3000010:
>> TPLK\Enterprise Admins:*:3000008:
>> TPLK\Group Policy Creator Owners:*:3000007:
>> TPLK\Read-Only Domain Controllers:*:3000029:
>> TPLK\DnsUpdateProxy:*:3000030:
>>
>>
>> EDV Daniel Müller
>>
>> Leitung EDV
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>> "Der Mensch ist die Medizin des Menschen"
>>
>>
>>
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Rowland Penny [mailto:rowlandpenny at googlemail.com]
>> Gesendet: Mittwoch, 19. Februar 2014 10:40
>> An: mueller at tropenklinik.de; samba at lists.samba.org
>> Cc: gluster-devel at nongnu.org
>> Betreff: Re: [Samba] Samba4: Strange Behaveiour On Home share with 2
>> DC replicating /vfs glusterfs
>>
>> On 19/02/14 07:19, Daniel Müller wrote:
>>> There is a strange behaviour having two DCs joined in one Domain
>>> concerning the  [home] share.
>>> The [home] is fixed on a replicating gluster volume on both DC.
>>> Now creating the users directory with ADUC ex.:
>>> \\s4master\home\%username% would do the necessary and the directory
>>> is created on both dcs. On the first DC all working fine without any
>>> issue but on the second the user cannot login their home shares
>>> pointing to ex: \\s4slave\home\testneu The reason is a different UID!?
>>> EX.: on the first DC 3000030 on the second 3000023!?
>>> How can I fix this?
>>>
>>> Greetings Daniel
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On DC1:
>>>
>>>
>>> [home]
>>> comment=home s4master verzeichnis auf gluster node1 vfs objects=
>>> recycle, glusterfs recycle:repository= /%P/%U/.Papierkorb
>>> glusterfs:volume= sambacluster glusterfs:volfile_server = 172.17.1.1
>>> recycle:exclude = *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$*
>>> recycle:keeptree = Yes
>>> recycle:exclude_dir = .Papierkorb,tmp,temp,profile,.profile
>>> recycle:touch_mtime = yes
>>> recycle:versions = Yes
>>> msdfs root=yes
>>> path=/ads/home
>>> read only=no
>>> posix locking =NO
>>> kernel share modes = No
>>>
>>>
>>>
>>>
>>> [root at s4master home]# getfacl testneu # file: testneu # owner: root #
>>> group: users user::rwx user:root:rwx user:3000000:rwx
>>> user:TPLK\134testneu:rwx
>>> group::---
>>> group:users:---
>>> group:3000000:rwx
>>> group:3000030:rwx
>>> mask::rwx
>>> other::---
>>> default:user::rwx
>>> default:user:root:rwx
>>> default:user:3000000:rwx
>>> default:user:TPLK\134testneu:rwx
>>> default:group::---
>>> default:group:users:---
>>> default:group:3000000:rwx
>>> default:group:3000030:rwx
>>> default:mask::rwx
>>> default:other::---
>>>
>>> [root at s4master home]# id testneu
>>> uid=3000030(TPLK\testneu) gid=100(users) Gruppen=100(users)
>>>
>>> On DC2:
>>> [home]
>>> comment=home s4slave verzeichnis auf gluster node2 vfs objects=
>>> recycle, glusterfs recycle:repository= /%P/%U/.Papierkorb
>>> glusterfs:volume= sambacluster glusterfs:volfile_server = 172.17.1.2
>>> recycle:exclude = *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$*
>>> recycle:keeptree = Yes
>>> recycle:exclude_dir = .Papierkorb,tmp,temp,profile,.profile
>>> recycle:touch_mtime = yes
>>> recycle:versions = Yes
>>> msdfs root=yes
>>> path=/ads/home
>>> read only=no
>>> posix locking =NO
>>> kernel share modes = No
>>>
>>> [root at s4slave home]# getfacl testneu
>>> # file: testneu
>>> # owner: root
>>> # group: users
>>> user::rwx
>>> user:root:rwx
>>> user:3000000:rwx
>>> user:3000030:rwx
>>> group::---
>>> group:users:---
>>> group:3000000:rwx
>>> group:3000030:rwx
>>> mask::rwx
>>> other::---
>>> default:user::rwx
>>> default:user:root:rwx
>>> default:user:3000000:rwx
>>> default:user:3000030:rwx
>>> default:group::---
>>> default:group:users:---
>>> default:group:3000000:rwx
>>> default:group:3000030:rwx
>>> default:mask::rwx
>>> default:other::---
>>>
>>> [root at s4slave home]# id testneu
>>> uid=3000023(TPLK\testneu) gid=100(users) Gruppen=100(users)
>>> <---should be the same as DC1!?
>>>
>>>
>>>
>>> EDV Daniel Müller
>>>
>>> Leitung EDV
>>> Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24
>>> 72076 Tübingen
>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>> eMail: mueller at tropenklinik.de
>>> Internet: www.tropenklinik.de
>>> "Der Mensch ist die Medizin des Menschen"
>>>
>>>
>>>
>>>
>>>
>> Fairly easily, give your users uidNumber's & gidNumber's
>>
>> Rowland
>>
>>
> The problem here is that the numbers you are referring to, are actually
> xidNumbers from idmap.ldb, you can confirm this by opening idmap.ldb
> with ldbedit:
>
> ldbedit -e <your favorite editor> --url=/path/to/idmap.ldb
>
> If you compiled samba4 yourself:
>
> ldbedit -e nano --url=/usr/local/samba/private/idmap.ldb
>
> If you give your groups a gidNumber and then your users a uidNumber and
> the relevant gidNumber, the xidNumbers will be overridden and the
> uidNumber's & gidNumbers used instead.
>
> Probably the easiest way of doing this would be to use ADUC on a windows
> client, if you do not have any windows clients, then I am sorry but you
> will have to resort to ldbmodify and ldif's.
>
> Rowland
>

More information about the Gluster-devel mailing list