[Samba] 2 Servers different gid?
Shaun Martin
smartin at myvu.com
Fri May 25 12:14:17 GMT 2007
Hi All,
I have 2 servers, both running a compiled version of Samba and winbind. They
use my Windows Active Directory for user authentication via Kerberos. All
that works fine, and I can see and authenticate as any user. Every user has
the same uid on both machines; the problem is that the groups from the Windows
domain have different gids on each of the servers. I am using NFS to export
the file system from one machine to the other, so I need the gids to match up.
I do not know what I am doing wrong. Here is some info on each of the
servers.
Server 1
mos-it:~# uname -a
Linux mos-it 2.6.8sm #1 SMP Tue Mar 20 12:00:13 EDT 2007 x86_64 GNU/Linux
mos-it:~# smbd --version
Version 3.0.24
mos-it:~# winbindd --version
Version 3.0.24
mos-it:~# getent passwd mgirolamo
mgirolamo:*:10044:10000:Mark Girolamo:/home/mgirolamo:/bin/bash
mos-it:~# id mgirolamo
uid=10044(mgirolamo) gid=10000(domain users) groups=10000(domain
users),10011(all),10013(accounting),10018(execs),10021(mas200),10024(admacct
)
mos-it:~# getent group accounting
accounting:x:10013:mgirolamo,jmccarty,rdemore
Server2
mos-fs:~# uname -a
Linux mos-fs 2.6.8sm4 #1 SMP Wed Mar 14 20:13:33 EDT 2007 x86_64 GNU/Linux
mos-fs:~# smbd --version
Version 3.0.24
mos-fs:~# winbindd --version
Version 3.0.24
mos-fs:~# getent passwd mgirolamo
mgirolamo:*:10044:10000:Mark Girolamo:/home/mgirolamo:/bin/bash
mos-fs:~# id mgirolamo
uid=10044(mgirolamo) gid=10000(domain users) groups=10000(domain
users),10004(all),10017(accounting),10022(execs),10023(mas200),10024(admacct
)
mos-fs:~# getent group accounting
accounting:x:10017:mgirolamo,jmccarty,rdemore
AS YOU CAN SEE FROM THE DIFFERENT id COMMANDS ON THE SEPARATE SERVERS, THE
GIDS DON'T MATCH. THE SAMBA CONFIGS FOR EACH SERVER ARE BELOW. THANKS IN
ADVANCE FOR ANY HELP YOU MIGHT BE ABLE TO GIVE ME.
Server 1 Samba Config
mos-it:~# more /usr/local/samba/lib/smb.conf
#======================= Global Settings =======================
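[global]
# Global settings for mos-it: a member server in the MYVU domain that
# authenticates against Active Directory (security = ads) and maps domain
# accounts to Unix ids through winbind.
workgroup = MYVU
security = ads
password server = mos-pdc
server string = mos-it
;%h server (Samba %v)
; wins support = no
winbind use default domain = yes
realm = myvu.lc
# NOTE(review): "winbind uid" / "winbind gid" are older synonyms of the
# "idmap uid" / "idmap gid" parameters set further down; both pairs carry the
# same 10000-20000 range here, so one pair is redundant.
winbind uid = 10000-20000
winbind gid = 10000-20000
preferred master = no
os level = 20
wins server = mos-pdc
dns proxy = no
; name resolve order = lmhosts host wins bcast
winbind separator = +
# NOTE(review): no "idmap backend" is set in this section, so winbind
# presumably uses its default local allocator: each host hands out the next
# free id from this range the first time it meets a SID and stores the result
# in its own database. Two servers with the same range can then disagree on a
# group's gid, which matters for NFS exports that trust numeric ids (group
# permissions end up applied to a different group). A backend that derives ids
# deterministically (e.g. idmap_rid) or a shared store is the usual remedy;
# confirm against the 3.0.24 documentation first, because switching backends
# renumbers existing ids and file ownership.
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = true
template homedir = /home/%U
template shell = /bin/bash
printcap name = cups
printing = cups
#### Debugging/Accounting ####
# One log file per connecting machine (%m).
log file = /var/log/samba/log.%m
max log size = 1000
; syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
; security = user
; encrypt passwords = true
passdb backend = tdbsam
; obey pam restrictions = yes
; guest account = nobody
# NOTE(review): commented out on this host, so root is not excluded from SMB
# logins here; the second server's config further down has this line enabled.
; invalid users = root
; unix password sync = no
; passwd program = /usr/bin/passwd %u
# The next commented-out line was split across three lines by mail wrapping;
# it is rejoined so that no fragment is left as a live, malformed line.
; passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
; pam password change = no
######## File sharing ########
# Name mangling options
; preserve case = yes
; short preserve case = yes
############ Misc ############
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
; domain master = auto
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash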
#======================= Share Definitions =======================
# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
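[printers]
# Spool share used for print jobs; it is browseable and open to guest
# connections (public = yes).
comment = All Printers
browseable = yes
# NOTE(review): the spool path is /tmp and the share is public. Whether that
# is intended depends on who is meant to print; a dedicated spool directory
# and "public = no" are the tighter choice if guest printing is not needed.
path = /tmp
printable = yes
public = yes
# A printable share always accepts spooled print data; this parameter only
# governs non-printing access to the path. It was "yes", which let guest
# connections write ordinary files into /tmp over SMB.
writable = no
create mode = 0700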
# Windows clients look for this share name as a source of downloadable
# printer drivers
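[print$]
# Share that Windows clients download printer drivers from.
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
# The share previously had both "writeable = yes" and "read only = no" (the
# same setting written twice) together with guest access, so any connection
# the filesystem permissions allowed could replace driver files that clients
# later download and install. It is now read-only; the accounts in
# "write list" below still get write access for driver uploads.
read only = yes
# NOTE(review): guest connections can still read the drivers. Set this to
# "no" if every client authenticates against the domain.
guest ok = yes
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
# NOTE(review): root is listed here and "invalid users = root" is commented
# out in [global] on this host, so root can administer drivers over SMB;
# confirm that this is wanted.
write list = root, @ntadmin, smartin, Administrator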
# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; writable = no
; locking = no
; path = /cdrom
; public = yes
# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
Server2 Samba Config
mos-fs:~# more /usr/local/samba/lib/smb.conf
#======================= Global Settings =======================
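[global]
# Global settings for mos-fs: a member server in the MYVU domain that
# authenticates against Active Directory (security = ads) and maps domain
# accounts to Unix ids through winbind.
workgroup = MYVU
security = ads
password server = mos-pdc
server string = mos-fs
;%h server (Samba %v)
; wins support = no
winbind use default domain = yes
realm = myvu.lc
# NOTE(review): "winbind uid" / "winbind gid" are older synonyms of the
# "idmap uid" / "idmap gid" parameters set further down; both pairs carry the
# same 10000-20000 range here, so one pair is redundant.
winbind uid = 10000-20000
winbind gid = 10000-20000
preferred master = no
os level = 20
wins server = mos-pdc
dns proxy = no
; name resolve order = lmhosts host wins bcast
winbind separator = +
# NOTE(review): no "idmap backend" is set in this section, so winbind
# presumably uses its default local allocator: each host hands out the next
# free id from this range the first time it meets a SID and stores the result
# in its own database. Two servers with the same range can then disagree on a
# group's gid, which matters for NFS exports that trust numeric ids (group
# permissions end up applied to a different group). A backend that derives ids
# deterministically (e.g. idmap_rid) or a shared store is the usual remedy;
# confirm against the 3.0.24 documentation first, because switching backends
# renumbers existing ids and file ownership.
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = true
template homedir = /home/%U
template shell = /bin/bash
#### Debugging/Accounting ####
# One log file per connecting machine (%m).
log file = /var/log/samba/log.%m
max log size = 1000
; syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
; security = user
; encrypt passwords = true
passdb backend = tdbsam
; obey pam restrictions = yes
; guest account = nobody
# root is refused as an SMB login on this host.
invalid users = root
; unix password sync = no
; passwd program = /usr/bin/passwd %u
# The next commented-out line was split across three lines by mail wrapping;
# it is rejoined so that no fragment is left as a live, malformed line.
; passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
; pam password change = no
######## File sharing ########
# Name mangling options
; preserve case = yes
; short preserve case = yes
############ Misc ############
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
; domain master = auto
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash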
#======================= Share Definitions =======================
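[homes]
# Per-user home-directory shares, hidden from browse lists and writable.
# NOTE(review): no "valid users" restriction is set, so which accounts can
# open another user's home share depends on the Unix permissions of the home
# directories themselves, which are not shown here.
comment = Home Directories
browseable = no
# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
writable = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
# (The comment above had been split by mail wrapping, leaving a bare "to"
# line in the section; it is rejoined here.)
directory mask = 0700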
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
[shared]
# Browseable, writable share that exports /data.
# NOTE(review): no "valid users" or "write list" is set, so access is limited
# only by authentication and by the Unix permissions under /data.
path = /data
comment = Myvu Shared
browseable = yes
writeable = yes
# NOTE(review): 0777 masks remove no permission bits, so files and
# directories created through this share can end up world-writable. If this
# tree is also the one exported over NFS, any uid on an NFS client could then
# modify them. Masks such as 0664 / 0775 would keep access at owner and group
# level, but that relies on the gids matching between the servers; confirm
# the intent before tightening.
create mask = 0777
directory mask = 0777
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
#[printers]
# comment = All Printers
# browseable = no
# path = /tmp
# printable = yes
# public = no
# writable = no
# create mode = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
#[print$]
# comment = Printer Drivers
# path = /var/lib/samba/printers
# browseable = yes
# read only = yes
# guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
; write list = root, @ntadmin
# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; writable = no
; locking = no
; path = /cdrom
; public = yes
# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
--
Shaun Martin
IT Manager