samba-users August 2010 archive
samba-users: Re: [Samba] UID syncing issues with CTDB

From: Kums <kumaran.rajaram_at_nospam>
Date: Tue Aug 17 2010 - 16:11:53 GMT
To: Jeremy Farrar <jeremy.farrar@gmail.com>

Jeremy,

Install AD Service "Identity Management for Unix", add users/groups into it,
and assign unique UID/GID if you want consistent mapping across CTDB
servers. Use Winbind service to interface the CTDB servers with the AD in
order to pull the right UID/GID for consistent mapping.

Then you can join the CTDB servers to the AD using "net ads join" and query
the AD users using "wbinfo".

[root@ ~]# wbinfo -u list
TESTDOMAIN+administrator
TESTDOMAIN+guest
TESTDOMAIN+testusera
TESTDOMAIN+testuserc

[root@ ~]# wbinfo -g
TESTDOMAIN+win_users

[root@ ~]# id TESTDOMAIN+testusera
uid=11001(TESTDOMAIN+testusera) gid=20001(TESTDOMAIN+win_users) groups=20001(TESTDOMAIN+win_users),20002(TESTDOMAIN+domain users)

Please find attached, sample smb.conf.

HTH,
-Kums

On Tue, Aug 17, 2010 at 9:26 AM, Jeremy Farrar <jeremy.farrar@gmail.com> wrote:

> I have been working on a CTDB cluster on and off for a while now. I had it
> working great for a while. Then I decided that I wanted to change the
> configuration of my replicated volumes. I changed my DRBD configuration to
> match my desired configuration. Now I can get the CTDB to work quite right.
> I am able to join the cluster to the domain without issues. I can also list
> my ad users and groups using wbinfo so I believe that my nsswitch.conf is
> set up properly. I am having problems with the UIDs and GIDs not matching
> between the two servers. For instance here is the output for getent on each
> server:
>
> Server A:
> jfarrar:*:20066:20001:Jeremy Farrar:/home/DOMAIN/jfarrar:/bin/bash
>
> Server B:
> jfarrar:*:20002:20001:Jeremy Farrar:/home/DOMAIN/jfarrar:/bin/bash
>
> The output looks good but the UID doesn't match. This will lead to some
> weird permissions issues in the future. The strange thing is that it worked
> before. What did I mess up when I reconfigured my volume? Thanks for your
> help.
>
> smb.conf:
>
> [global]
> server string = %h
> workgroup = DOMAIN
> netbios name = server
> password server = dc1.domain.local
> realm = DOMAIN.LOCAL
> security = ads
> idmap backend = tdb2
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
> template homedir = /home/DOMAIN/%U
> winbind uid = 20001-200000
> winbind gid = 20001-200000
> winbind trusted domains only = no
> winbind use default domain = true
> winbind offline logon = false
> winbind enum users = yes
> winbind enum groups = yes
> obey pam restrictions = yes
> printcap name = /etc/printcap
> socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY SO_BROADCAST
> clustering = yes
> # logs split per machine
> log file = %S.log
> log level = 2
> # max 50KB per log file, then rotate
> max log size = 50
>
> passdb backend = tdbsam
>
> #============================ Share Definitions ==============================
>
> [DOMAIN]
> comment = Home Directories
> path = /DOMAIN
> browseable = no
> writable = yes
> # acl compatibility = auto
> acl check permissions = True
> nt acl support = yes
> ea support = yes
> acl map full control = True
> map acl inherit = yes
> inherit acls = yes
>
> nsswitch.conf:
>
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
> hosts: files dns
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers: files
> netmasks: files
> networks: files
> protocols: files
> rpc: files
> services: files
>
> netgroup: files
>
> publickey: nisplus
>
> automount: files
> aliases: files nisplus
>
> ctdb.conf:
>
> CTDB_RECOVERY_LOCK="/EDAPT/ctdb/CTDB_lock"
> CTDB_PUBLIC_INTERFACE=eth0
> CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
> CTDB_MANAGES_SAMBA=no
> CTDB_SAMBA_CHECK_PORTS="445"
> CTDB_MANAGES_WINBIND=no
> CTDB_INIT_STYLE=redhat
> CTDB_SERVICE_SMB=smb
> CTDB_SERVICE_WINBIND=winbind
> ulimit -n 10000
> CTDB_NODES=/etc/ctdb/nodes
> CTDB_DBDIR=/var/ctdb
> CTDB_DBDIR_PERSISTENT=/EDAPT/ctdb/persistent
> CTDB_EVENT_SCRIPT_DIR=/etc/ctdb/events.d
> CTDB_SOCKET=/tmp/ctdb.socket
> CTDB_TRANSPORT="tcp"
> CTDB_LOGFILE=/var/log/log.ctdb
> CTDB_DEBUGLEVEL=2
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
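
A check that goes with the advice above, as an added example that is not part of the original thread: once the UID/GID values come from AD, capture `getent passwd` on each CTDB node and compare the captures mechanically. The function names, the findings format and the `asmith` sample account are assumptions; the `jfarrar` lines are the two results quoted in the thread.

```shell
#!/bin/sh
# Added example: compare `getent passwd` captures from two CTDB nodes and
# report accounts whose UID/GID mapping differs between them.

# compare_idmap FILE_A FILE_B -> prints sorted findings; returns 1 on any
# difference, 0 when both nodes agree. (Function name is hypothetical.)
compare_idmap() {
    idmap_rc=0
    out=$(awk -F: '
        BEGIN { bad = 0 }
        NF < 4 { next }                                   # skip blank/short lines
        FILENAME == ARGV[1] { uid[$1] = $3; gid[$1] = $4; next }   # node A
        {                                                 # node B
            seen[$1] = 1
            if (!($1 in uid)) { print "ONLY_B " $1; bad = 1; next }
            if (uid[$1] != $3) { print "UID_MISMATCH " $1 " A=" uid[$1] " B=" $3; bad = 1 }
            if (gid[$1] != $4) { print "GID_MISMATCH " $1 " A=" gid[$1] " B=" $4; bad = 1 }
        }
        END {
            for (u in uid) if (!(u in seen)) { print "ONLY_A " u; bad = 1 }
            exit bad
        }' "$1" "$2") || idmap_rc=$?
    [ -z "$out" ] || printf '%s\n' "$out" | sort
    return "$idmap_rc"
}

# Sample input: the jfarrar lines are the getent results quoted in the thread,
# the asmith lines are constructed to show an account that maps consistently.
demo_compare() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' \
        'jfarrar:*:20066:20001:Jeremy Farrar:/home/DOMAIN/jfarrar:/bin/bash' \
        'asmith:*:20010:20001:A Smith:/home/DOMAIN/asmith:/bin/bash' > "$dir/nodeA"
    printf '%s\n' \
        'jfarrar:*:20002:20001:Jeremy Farrar:/home/DOMAIN/jfarrar:/bin/bash' \
        'asmith:*:20010:20001:A Smith:/home/DOMAIN/asmith:/bin/bash' > "$dir/nodeB"
    demo_rc=0
    compare_idmap "$dir/nodeA" "$dir/nodeB" || demo_rc=$?
    rm -rf "$dir"
    return "$demo_rc"
}

demo_compare || echo "idmap differs between nodes (exit $?)"
```

On real nodes, the two input files would be `getent passwd` output saved on each server; a non-zero exit means files written through one node can end up owned by a different account when seen from the other.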