A quick follow-on ... if I examine the local sam.ldb on the server2 via ldbedit, it appears the information is correct, but wbinfo still reports different numbers:

    wbinfo -i Test24.User
    Domain\Test24.User:*:3000134:100::/home/Domain/Test24.User:/bin/false

But the information in the /usr/local/samba/private/sam.ldb is:

    # record 979
    dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
    objectClass: top
    objectClass: posixAccount
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: Test24.User
    instanceType: 4
    whenCreated: 20130824224742.0Z
    whenChanged: 20130824224803.0Z
    uSNCreated: 10910
    uSNChanged: 10910
    name: Test24.User
    objectGUID: f0cafbd5-aa3e-4c45-a3d1-1009efc9709e
    userAccountControl: 512
    codePage: 0
    countryCode: 0
    homeDirectory: \\server1\home\staff\Test24.User
    homeDrive: P:
    pwdLastSet: 130218580630000000
    primaryGroupID: 513
    profilePath: \\server1\profiles\Test24.User
    objectSid: S-1-5-21-276688905-1455118844-2751846679-67110336
    accountExpires: 9223372036854775807
    sAMAccountName: Test24.User
    sAMAccountType: 805306368
    userPrincipalName: test24.u...@ncs.k12.de.us
    objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ncs,DC=k12,DC=de,DC=us
    uidNumber: 3000054
    gidNumber: 513
    unixHomeDirectory: /home/staff/Test24.User
    loginShell: /bin/bash
    distinguishedName: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us

    >wbinfo -i Test24.User
    Domain\Test24.User:*:3000134:100::/home/Domain/Test24.User:/bin/false

----- Original Message -----
From: dahopk...@comcast.net
To: "samba" <samba@lists.samba.org>
Sent: Saturday, August 24, 2013 7:02:18 PM
Subject: [Samba] issue with multiple Samba DC and uid/gid assignment.

I have 2 Ubuntu 12.04/samba 4 servers acting as DCs for my Domain. I provisioned the Domain by using the classicupgrade (prior authentication was LDAP+Samba). I have added some new test users. I also have two file servers. One is running RHEL 5.9/Samba 3, the other Ubuntu 12.04/Samba 4. Users that have their home directories and profiles stored on the RHEL5.9/Samba 3 fileserver work correctly. Those that are mapped to the Ubuntu 12.04/Samba 4 fileserver get "permission denied" and temp profiles.

It appears the issue is that for some reason, the users have different uid/gid on the 2 Samba 4 DCs .. and I don't know why. I used wbinfo to collect the following:

All the accounts were created on Server 1 using the s4user script (slightly modified to provide more output to the screen for debugging) from http://linuxcostablanca.blogspot.com . However, the uid reported by the servers is different? Shouldn't server 1 have replicated this data to server 2? When I check the home directories, they have the uid associated with server 1.

Example: If I create a new user, the output from the script is:

    > ./s4user Test24 User MyPassword staff server1
    Creating s4 posix user Test24
    Pls enter pwd for Test24
    User: Test24 User
    User 'Test24.User' created successfully
    dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
    changetype: modify
    add: objectclass
    objectclass: posixaccount
    -
    add: uidnumber
    uidnumber: 3000054
    -
    add: gidnumber
    gidnumber: 513
    -
    add:unixhomedirectory
    unixhomedirectory: /home/staff/Test24.User
    -
    add: loginshell
    loginshell: /bin/bash
    Modified 1 records successfully
    dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
    changetype: modify
    replace: primarygroupid
    primarygroupid: 513
    sleeping for 5 seconds
    Modified 1 records successfully
    Creating the home directory and setting ownership
    dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,dc=us
    changetype: modify
    add: profilePath
    profilePath: \\server1\profiles\Test24.User
    -
    add: homeDrive
    homeDrive: P:
    -
    add: homeDirectory
    homeDirectory: \\server1\home\staff\Test24.User
    sleeping for 5 seconds
    Modified 1 records successfully
    New user: Test24 POSIX-ified as follows:
    uid 3000054
    gid 513
    primaryGroupID 513
    sid S-1-5-21-276688905-1455118844-2751846679-513

Then use wbinfo on each server:

Server1

    > wbinfo -i Test24.User
    Domain\Test24.User:*:3000054:513::/home/Domain/Test24.User:/bin/false

Server2

    wbinfo -i Test24.User
    Domain\Test24.User:*:3000134:100::/home/DomainTest24.User:/bin/false

Notice that the group id and uid are both different. Why?

The basics of the script are:

    samba-tool user add Username Password
    ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=ncs,dc=k12,dc=de,dc=us /tmp/Username

Where the file Username has the entries needed to define the Unix information, and the information for the Account and Profile tabs in ADUC.

Do I need to manually run the ldbmodify command on server2 and modify the /usr/local/samba/private/sam.ldb to ensure that it is synced with server1?

Sincerely,
Dave Hopkins

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba