On 19/02/14 11:12, Daniel Müller wrote:
So I will use ADUC and the UNIX option there nis-Domain ,uid?
Yes, but you will also have to give whatever windows groups that you
want to use from linux (usually just Domain Users & Domain Admins) a gid
number as well.
Rowland
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
"Der Mensch ist die Medizin des Menschen"
-----Ursprüngliche Nachricht-----
Von: Rowland Penny [mailto:rowlandpe...@googlemail.com]
Gesendet: Mittwoch, 19. Februar 2014 11:14
An: muel...@tropenklinik.de; sa...@lists.samba.org
Cc: gluster-devel@nongnu.org
Betreff: Re: AW: [Samba] Samba4: Strange Behaveiour On Home share with 2 DC
replicating /vfs glusterfs
On 19/02/14 10:01, Daniel Müller wrote:
Now how do I give them uids on creating?
In practice suggestion from :
https://wiki.samba.org/index.php/Adding_users_with_samba_tool
for 50 Users can not be done.
Seems even the groups uid in both DCs differ:
ON DC1
TPLK\Enterprise Read-Only Domain Controllers:*:3000016:
TPLK\Domain Admins:*:3000008:
TPLK\Domain Users:*:100:
TPLK\Domain Guests:*:3000012:
TPLK\Domain Computers:*:3000017:
TPLK\Domain Controllers:*:3000018:
TPLK\Schema Admins:*:3000007:
TPLK\Enterprise Admins:*:3000006:
TPLK\Group Policy Creator Owners:*:3000004:
TPLK\Read-Only Domain Controllers:*:3000019:
TPLK\DnsUpdateProxy:*:3000020:
ON DC2
TPLK\Enterprise Read-Only Domain Controllers:*:3000028:
TPLK\Domain Admins:*:3000009:
TPLK\Domain Users:*:100:
TPLK\Domain Guests:*:3000003:
TPLK\Domain Computers:*:3000019:
TPLK\Domain Controllers:*:3000015:
TPLK\Schema Admins:*:3000010:
TPLK\Enterprise Admins:*:3000008:
TPLK\Group Policy Creator Owners:*:3000007:
TPLK\Read-Only Domain Controllers:*:3000029:
TPLK\DnsUpdateProxy:*:3000030:
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
"Der Mensch ist die Medizin des Menschen"
-----Ursprüngliche Nachricht-----
Von: Rowland Penny [mailto:rowlandpe...@googlemail.com]
Gesendet: Mittwoch, 19. Februar 2014 10:40
An: muel...@tropenklinik.de; sa...@lists.samba.org
Cc: gluster-devel@nongnu.org
Betreff: Re: [Samba] Samba4: Strange Behaveiour On Home share with 2
DC replicating /vfs glusterfs
On 19/02/14 07:19, Daniel Müller wrote:
There is a strange behaviour having two DCs joined in one Domain
concerning the [home] share.
The [home] is fixed on a replicating gluster volume on both DC.
Now creating the users directory with ADUC ex.:
\\s4master\home\%username% would do the necessary and the directory
is created on both dcs. On the first DC all working fine without any
issue but on the second the user cannot login their home shares
pointing to ex: \\s4slave\home\testneu The reason is a different UID!?
EX.: on the first DC 3000030 on the second 3000023!?
How can I fix this?
Greetings Daniel
On DC1:
[home]
comment=home s4master verzeichnis auf gluster node1 vfs objects=
recycle, glusterfs recycle:repository= /%P/%U/.Papierkorb
glusterfs:volume= sambacluster glusterfs:volfile_server = 172.17.1.1
recycle:exclude = *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$*
recycle:keeptree = Yes
recycle:exclude_dir = .Papierkorb,tmp,temp,profile,.profile
recycle:touch_mtime = yes
recycle:versions = Yes
msdfs root=yes
path=/ads/home
read only=no
posix locking =NO
kernel share modes = No
[root@s4master home]# getfacl testneu # file: testneu # owner: root #
group: users user::rwx user:root:rwx user:3000000:rwx
user:TPLK\134testneu:rwx
group::---
group:users:---
group:3000000:rwx
group:3000030:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:TPLK\134testneu:rwx
default:group::---
default:group:users:---
default:group:3000000:rwx
default:group:3000030:rwx
default:mask::rwx
default:other::---
[root@s4master home]# id testneu
uid=3000030(TPLK\testneu) gid=100(users) Gruppen=100(users)
On DC2:
[home]
comment=home s4slave verzeichnis auf gluster node2 vfs objects=
recycle, glusterfs recycle:repository= /%P/%U/.Papierkorb
glusterfs:volume= sambacluster glusterfs:volfile_server = 172.17.1.2
recycle:exclude = *.tmp,*.temp,*.log,*.ldb,*.TMP,?~$*,~$*
recycle:keeptree = Yes
recycle:exclude_dir = .Papierkorb,tmp,temp,profile,.profile
recycle:touch_mtime = yes
recycle:versions = Yes
msdfs root=yes
path=/ads/home
read only=no
posix locking =NO
kernel share modes = No
[root@s4slave home]# getfacl testneu
# file: testneu
# owner: root
# group: users
user::rwx
user:root:rwx
user:3000000:rwx
user:3000030:rwx
group::---
group:users:---
group:3000000:rwx
group:3000030:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000030:rwx
default:group::---
default:group:users:---
default:group:3000000:rwx
default:group:3000030:rwx
default:mask::rwx
default:other::---
[root@s4slave home]# id testneu
uid=3000023(TPLK\testneu) gid=100(users) Gruppen=100(users)
<---should be the same as DC1!?
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
"Der Mensch ist die Medizin des Menschen"
Fairly easily, give your users uidNumber's & gidNumber's
Rowland
The problem here is that the numbers you are referring to, are actually
xidNumbers from idmap.ldb, you can confirm this by opening idmap.ldb
with ldbedit:
ldbedit -e <your favorite editor> --url=/path/to/idmap.ldb
If you compiled samba4 yourself:
ldbedit -e nano --url=/usr/local/samba/private/idmap.ldb
If you give your groups a gidNumber and then your users a uidNumber and
the relevant gidNumber, the xidNumbers will be overridden and the
uidNumber's & gidNumbers used instead.
Probably the easiest way of doing this would be to use ADUC on a windows
client, if you do not have any windows clients, then I am sorry but you
will have to resort to ldbmodify and ldif's.
Rowland
_______________________________________________
Gluster-devel mailing list
Gluster-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/gluster-devel