[Samba] issue with multiple Samba DC and uid/gid assignment.

dahopkins at comcast.net dahopkins at comcast.net
Sat Aug 24 17:27:22 MDT 2013


A quick follow-on ... if I examine the local sam.ldb on the server2 via ldbedit, it appears the information is correct, but wbinfo still reports different numbers: 

wbinfo -i Test24.User 
Domain\Test24.User:*:3000134:100::/home/Domain/Test24.User:/bin/false 

But the information in the /usr/local/samba/private/sam.ldb is: 

# record 979 
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us 
objectClass: top 
objectClass: posixAccount 
objectClass: person 
objectClass: organizationalPerson 
objectClass: user 
cn: Test24.User 
instanceType: 4 
whenCreated: 20130824224742.0Z 
whenChanged: 20130824224803.0Z 
uSNCreated: 10910 
uSNChanged: 10910 
name: Test24.User 
objectGUID: f0cafbd5-aa3e-4c45-a3d1-1009efc9709e 
userAccountControl: 512 
codePage: 0 
countryCode: 0 
homeDirectory: \\server1\home\staff\Test24.User 
homeDrive: P: 
pwdLastSet: 130218580630000000 
primaryGroupID: 513 
profilePath: \\server1\profiles\Test24.User 
objectSid: S-1-5-21-276688905-1455118844-2751846679-67110336 
accountExpires: 9223372036854775807 
sAMAccountName: Test24.User 
sAMAccountType: 805306368 
userPrincipalName: Test24.User at ncs.k12.de.us 
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ncs,DC=k12,DC=de,DC=us 
uidNumber: 3000054 
gidNumber: 513 
unixHomeDirectory: /home/staff/Test24.User 
loginShell: /bin/bash 
distinguishedName: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us 

>wbinfo -i Test24.User 
Domain\Test24.User:*:3000134:100::/home/Domain/Test24.User:/bin/false 


----- Original Message -----

From: dahopkins at comcast.net 
To: "samba" <samba at lists.samba.org> 
Sent: Saturday, August 24, 2013 7:02:18 PM 
Subject: [Samba] issue with multiple Samba DC and uid/gid assignment. 

I have 2 Ubuntu 12.04/samba 4 servers acting as DCs for my Domain. I provisioned the Domain by using the classicupgrade (prior authentication was LDAP+Samba). I have added some new test users. I also have two file servers. One is running RHEL 5.9/Samba 3, the other Ubuntu 12.04/Samba 4. Users that have their home directories and profiles stored on the RHEL5.9/Samba 3 fileserver work correctly. Those that are mapped to the Ubuntu 12.04/Samba 4 fileserver get "permission denied" and temp profiles. It appears the issue is that for some reason, the users have different uid/gid on the 2 Samba 4 DCs .. and I don't know why. I used wbinfo to collect the following: 

All the accounts were created on Server 1 using the s4user script (slightly modified to provide more output to the screen for debugging) from http://linuxcostablanca.blogspot.com . 

However, the uid reported by the servers is different? Shouldn't server 1 have replicated this data to server 2? When I check the home directories, they have the uid associated with server 1. 
Example: If I create a new user, the output from the script is: 

> ./s4user Test24 User MyPassword staff server1 
Creating s4 posix user Test24 
Pls enter pwd for Test24 
User: Test24 User 
User 'Test24.User' created successfully 
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us 
changetype: modify 
add: objectclass 
objectclass: posixaccount 
- 
add: uidnumber 
uidnumber: 3000054 
- 
add: gidnumber 
gidnumber: 513 
- 
add:unixhomedirectory 
unixhomedirectory: /home/staff/Test24.User 
- 
add: loginshell 
loginshell: /bin/bash 
Modified 1 records successfully 
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us 
changetype: modify 
replace: primarygroupid 
primarygroupid: 513 
sleeping for 5 seconds 
Modified 1 records successfully 
Creating the home directory and setting ownership 
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,dc=us 
changetype: modify 
add: profilePath 
profilePath: \\server1\profiles\Test24.User 
- 
add: homeDrive 
homeDrive: P: 
- 
add: homeDirectory 
homeDirectory: \\server1\home\staff\Test24.User 
sleeping for 5 seconds 
Modified 1 records successfully 
New user: Test24 POSIX-ified as follows: 
uid 3000054 
gid 513 
primaryGroupID 513 
sid S-1-5-21-276688905-1455118844-2751846679-513 

Then use wbinfo on each server: 
Server1 
> wbinfo -i Test24.User 
Domain\Test24.User:*:3000054:513::/home/Domain/Test24.User:/bin/false 
Server2 
wbinfo -i Test24.User 
Domain\Test24.User:*:3000134:100::/home/DomainTest24.User:/bin/false 


Notice that the group id and uid are both different. Why? 
The basics of the script are: 

samba-tool user add Username Password 
ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=ncs,dc=k12,dc=de,dc=us /tmp/Username 

Where the file Username has the entries needed to define the Unix information, and the information for the Account and Profile tabs in ADUC. Do I need to manually run the ldbmodify command on server2 and modify the /usr/local/samba/private/sam.ldb to ensure that it is synced with server1? 

Sincerely, 
Dave Hopkins 
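
The comparison made by hand in this message (the uidNumber/gidNumber stored in sam.ldb against the uid/gid each DC returns from `wbinfo -i`) can be scripted. The following is an added example, not part of the original post or of Samba; the function names are hypothetical and the sample values are copied from the output quoted above.

```python
# Added example: values in SAMPLE_* are copied from the post; all names are hypothetical.
PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
ID_ATTRS = {"uidNumber": "uid", "gidNumber": "gid"}  # sam.ldb attribute -> passwd field

def parse_ldif_record(text):
    """Return {attribute: [values]} for one record as printed by ldbedit/ldbsearch."""
    attrs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and "# record N" comments
            continue
        key, sep, value = line.partition(":")
        if sep:
            attrs.setdefault(key.strip(), []).append(value.strip())
    return attrs

def parse_wbinfo_i(line):
    """Split the passwd-style line printed by `wbinfo -i <user>` into named fields."""
    parts = line.strip().split(":")
    if len(parts) != len(PASSWD_FIELDS):
        raise ValueError("unexpected wbinfo -i output: %r" % line)
    return dict(zip(PASSWD_FIELDS, parts))

def id_mismatches(ldif_text, wbinfo_by_server):
    """List (server, field, sam.ldb value, winbind value) wherever the two disagree."""
    attrs = parse_ldif_record(ldif_text)
    found = []
    for server, line in wbinfo_by_server.items():
        pw = parse_wbinfo_i(line)
        for attr, field in ID_ATTRS.items():
            stored = attrs.get(attr, [None])[0]
            if stored is not None and stored != pw[field]:
                found.append((server, field, stored, pw[field]))
    return found

SAMPLE_LDIF = """\
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
sAMAccountName: Test24.User
uidNumber: 3000054
gidNumber: 513
"""
SAMPLE_WBINFO = {
    "server1": r"Domain\Test24.User:*:3000054:513::/home/Domain/Test24.User:/bin/false",
    "server2": r"Domain\Test24.User:*:3000134:100::/home/Domain/Test24.User:/bin/false",
}

if __name__ == "__main__":
    for server, field, stored, seen in id_mismatches(SAMPLE_LDIF, SAMPLE_WBINFO):
        print("%s: %s is %s in sam.ldb but winbind reports %s" % (server, field, stored, seen))
```

Running it on each DC's real output shows at a glance which server's winbind answers diverge from the directory attributes, which matters because file ownership and access checks on the file server follow the uid/gid winbind returns.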
