[Samba] issue with multiple Samba DC and uid/gid assignment.

dahopkins at comcast.net dahopkins at comcast.net
Sat Aug 24 17:02:18 MDT 2013 

I have 2 Ubuntu 12.04/samba 4 servers acting as DCs for my Domain. I provisioned the Domain by using the classicupgrade (prior authentication was LDAP+Samba). I have added some new test users. I also have two files servers. One is running RHEL 5.9/Samba 3, the other Ubuntu 12.04/Samba 4. Users that have their home directories and profiles stored on the RHEL5.9/Samba 3 fileserver work correctly. Those that are mapped to the Ubuntu 12.04/Samba 4 fileserver get "permission denied" and temp profiles. It appears the issue is that for some reason, the users have different uid/gid on the 2 Samba 4 DCs .. and I don't know why. I used wbinfo to collect the following: 

All the accounts were created on Server 1 using the s4user script (slightly modified to provide more output to the screen for debugging) from http://linuxcostablanca.blogspot.com . 

However, the uid reported by the servers is different? Shouldn't server 1 have replicated this data to server 2? When I check the home directories, they have the uid associated with server 1. 
Example: If I create a new user, the output from the script is: 

> ./s4user Test24 User MyPassword staff server1 
Creating s4 posix user Test24 
Pls enter pwd for Test24 
User: Test24 User 
User 'Test24.User' created successfully 
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us 
changetype: modify 
add: objectclass 
objectclass: posixaccount 
- 
add: uidnumber 
uidnumber: 3000054 
- 
add: gidnumber 
gidnumber: 513 
- 
add:unixhomedirectory 
unixhomedirectory: /home/staff/Test24.User 
- 
add: loginshell 
loginshell: /bin/bash 
Modified 1 records successfully 
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us 
changetype: modify 
replace: primarygroupid 
primarygroupid: 513 
sleeping for 5 seconds 
Modified 1 records successfully 
Creating the home directory and setting ownership 
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,dc=us 
changetype: modify 
add: profilePath 
profilePath: \\server1\profiles\Test24.User 
- 
add: homeDrive 
homeDrive: P: 
- 
add: homeDirectory 
homeDirectory: \\server1\home\staff\Test24.User 
sleeping for 5 seconds 
Modified 1 records successfully 
New user: Test24 POSIX-ified as follows: 
uid 3000054 
gid 513 
primaryGroupID 513 
sid S-1-5-21-276688905-1455118844-2751846679-513 

Then use wbinfo on each server: 
Server1 
> wbinfo -i Test24.User 
Domain\Test24.User:*:3000054:513::/home/Domain/Test24.User:/bin/false 
Server2 
wbinfo -i Test24.User 
Domain\Test24.User:*:3000134:100::/home/DomainTest24.User:/bin/false 


Notice that the group id and uid are both different. Why? 
The basics of the script are: 

samba-tool user add Username Password 
ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=ncs,dc=k12,dc=de,dc=us /tmp/Username 

Where the file Username has the entries needed to define the Unix information, and the information for the Account and Profile tabs in ADUC. Do I need to manuall run the ldbmodify command on server2 and modify the /usr/local/samba/private/sam.ldb to ensure that it is synced with server1? 

Sincerely, 
Dave Hopkins

More information about the samba mailing list