[Samba] issue with multiple Samba DC and uid/gid assignment.

Rowland Penny rowlandpenny at googlemail.com
Sun Aug 25 08:44:05 MDT 2013


On 25/08/13 15:36, dahopkins at comcast.net wrote:
> > Hi, could you please post the smb.conf from both the RHEL5.9 & Ubuntu
> > 12.04 fileservers
>
> I made minimal changes to either of these.  Just noticed that on the 
> RHEL5.9/Samba3 fileserver that I don't have idmap_ldp:use rfc2307 = 
> yes, but that system is working correctly (at least in the sense that 
> users with home directories there do not have issues).
>
> New samba4/12.04 fileserver:
> [global]
>    workgroup = NEWARKCHARTER
>    server string = NCSFS5 Samba 4 Server Version %v
>    netbios name = NCSFS5
>    realm = NCS.K12.DE.US
>    kerberos method = system keytab
>    idmap_ldp:use rfc2307 = yes
>    dns proxy = no
>    log file = /var/log/samba/log
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>
>    security = ads
>    interfaces = lo eth0 eth1
>    hosts allow = 127. 10.186. 10.179.
>    encrypt passwords = true
>
> [homes]
>    comment = Home Directories
>    browseable = yes
>    read only = no
>    writable = yes
>    valid users = %S
>    create mask = 0600
>    directory mask = 0700
>    csc policy = disable
>    nt acl support = yes
>
> [printers]
>    comment = All Printers
>    browseable = no
>    path = /var/spool/samba
>    printable = yes
>    guest ok = no
>    read only = yes
>    create mask = 0700
>
> [print$]
>    comment = Printer Drivers
>    path = /var/lib/samba/printers
>    browseable = yes
>    read only = yes
>    guest ok = no
>
>
> Pre-existing samba3/RHEL5.9 fileserver (just enough changes to join 
> the domain)
> [global]
>
>         workgroup = NEWARKCHARTER
>         server string = NCSFS2 Samba Server Version %v
>         netbios name = NCSFS2
>         interfaces = lo eth1
>         hosts allow = 127. 10.179. 10.186.
>         smb ports = 139
>         nt acl support = no
>         unix extensions = no
>
>         security = ads
>         realm = NCS.K12.DE.US
>         password server = NCSSAMBA1
>         encrypt passwords = yes
>
>         local master = no
>         os level = 33
>         preferred master = no
>
>         wins server = 10.179.2.25
>         dns proxy = no
>
>         load printers = yes
>         cups options = raw
>
>         printcap name = /etc/printcap
>         printing = cups
> #============================ Share Definitions ==============================
> [homes]
>         comment = Home Directories
>         browseable = yes
>         writable = yes
>         valid users = %S
>         create mask = 0600
>         directory mask = 0700
>         csc policy = disable
>         nt acl support = yes
> [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         browseable = no
>         guest ok = no
>         writable = no
>         printable = yes
> [Profiles]
>     comment = FS2 Network Profiles Service
>     path = /opt/samba/profiles
>     read only = no
>     store dos attributes = Yes
>     writeable = yes
>     create mask = 0600
>     directory mask = 0700
>     csc policy = disable
>     nt acl support = yes
> [profiles.V2]
>    copy = profiles
>    browseable = no
>    read only = no
>
Hello, I am not surprised that you are getting different uids & gids. 
You do not seem to have anything in smb.conf to pull the uidNumber & 
gidNumber from the AD server, unless you are using sssd.

You can either use Steve's original nslcd setup, or install sssd or use 
winbind. If you use winbind you require something like this in smb.conf:

         idmap config EXAMPLE:range = 20000-3100000
         idmap config EXAMPLE:backend = ad
         idmap config *:range = 1100-2000
         idmap config *:backend = tdb

Rowland
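
An added example, not part of the original message or of Samba itself: a small checker for the winbind route described above. It reads the [global] section of a member server's smb.conf and reports a missing `ad` backend for the workgroup, a domain with no range, or overlapping ranges. The function names and both sample configs are constructed for illustration, and it assumes winbind is the chosen mapper rather than nslcd or sssd.

```python
import re

# Constructed sample: a member-server [global] section with no idmap settings,
# modelled on the configs quoted in this thread.
NO_IDMAP = """[global]
   workgroup = NEWARKCHARTER
   security = ads
[homes]
   valid users = %S
"""
# Constructed sample: the same file plus the winbind lines from the reply,
# with the EXAMPLE placeholder replaced by the workgroup name.
WITH_IDMAP = NO_IDMAP.replace("[homes]", """\
   idmap config NEWARKCHARTER:range = 20000-3100000
   idmap config NEWARKCHARTER:backend = ad
   idmap config *:range = 1100-2000
   idmap config *:backend = tdb
[homes]""")

def global_params(text):
    """Return {parameter: value} from the [global] section only."""
    params, section = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[] ").lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.split()).lower()] = value.strip()
    return params

def check_idmap(text):
    """List gaps that let each server allocate its own uid/gid for a user."""
    params, domains, problems = global_params(text), {}, []
    for key, value in params.items():
        m = re.match(r"idmap config (\S+?) ?: ?(.+)$", key)
        if m:
            domains.setdefault(m.group(1), {})[m.group(2)] = value.lower()
    wg = params.get("workgroup", "").lower()
    if domains.get(wg, {}).get("backend") != "ad":
        problems.append(f"no 'idmap config {wg.upper()}:backend = ad'")
    spans = []
    for dom, cfg in domains.items():
        if "range" in cfg:
            low, high = (int(n) for n in cfg["range"].split("-"))
            spans.append((low, high, dom))
        else:
            problems.append(f"idmap config {dom.upper()} has no range")
    spans.sort()
    for (_, high, a), (low, _, b) in zip(spans, spans[1:]):
        if low <= high:
            problems.append(f"ranges for {a.upper()} and {b.upper()} overlap")
    return problems
```

Running `check_idmap` against the smb.conf of every file server and comparing the output is a quick way to confirm they all map the domain the same way before any home directories are created.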

