Hi All,
I have 2 servers, both running a compiled version of Samba and winbind. They
use my Windows Active Directory for user authentication via Kerberos. All
that works fine and I can see and authenticate as any user. Every user has
the same uid on both machines; the problem is that the groups from the Windows
domain have different gids on each of the servers. I am using NFS to export
the file system from one machine to the other, so I need the gids to match up.
I do not know what I am doing wrong. Here is some info on each of the
servers.
Server 1
mos-it:~# uname -a
Linux mos-it 2.6.8sm #1 SMP Tue Mar 20 12:00:13 EDT 2007 x86_64 GNU/Linux
mos-it:~# smbd --version
Version 3.0.24
mos-it:~# winbindd --version
Version 3.0.24
mos-it:~# getent passwd mgirolamo
mgirolamo:*:10044:10000:Mark Girolamo:/home/mgirolamo:/bin/bash
mos-it:~# id mgirolamo
uid=10044(mgirolamo) gid=10000(domain users) groups=10000(domain
users),10011(all),10013(accounting),10018(execs),10021(mas200),10024(admacct
)
mos-it:~# getent group accounting
accounting:x:10013:mgirolamo,jmccarty,rdemore
Server2
mos-fs:~# uname -a
Linux mos-fs 2.6.8sm4 #1 SMP Wed Mar 14 20:13:33 EDT 2007 x86_64 GNU/Linux
mos-fs:~# smbd --version
Version 3.0.24
mos-fs:~# winbindd --version
Version 3.0.24
mos-fs:~# getent passwd mgirolamo
mgirolamo:*:10044:10000:Mark Girolamo:/home/mgirolamo:/bin/bash
mos-fs:~# id mgirolamo
uid=10044(mgirolamo) gid=10000(domain users) groups=10000(domain
users),10004(all),10017(accounting),10022(execs),10023(mas200),10024(admacct
)
mos-fs:~# getent group accounting
accounting:x:10017:mgirolamo,jmccarty,rdemore
AS YOU CAN SEE FROM THE id COMMANDS ON THE SEPARATE SERVERS, THE GIDS
DON'T MATCH. THE SAMBA CONFIGS FOR EACH SERVER ARE BELOW. THANKS IN
ADVANCE FOR ANY HELP YOU MIGHT BE ABLE TO GIVE ME.
Server 1 Samba Config
mos-it:~# more /usr/local/samba/lib/smb.conf
#======================= Global Settings ======================
# [global]: server-wide settings for host mos-it, a member of the MYVU
# Active Directory domain (security = ads) that resolves domain users and
# groups through winbind.
[global]
        workgroup = MYVU
        security = ads
        password server = mos-pdc
        server string = mos-it
;%h server (Samba %v)
;       wins support = no
        winbind use default domain = yes
        realm = myvu.lc
# NOTE(review): "winbind uid" / "winbind gid" are the older synonyms of
# "idmap uid" / "idmap gid", which are set again below with the same range,
# so one of the two pairs is redundant.
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        preferred master = no
        os level = 20
        wins server = mos-pdc
        dns proxy = no
;       name resolve order = lmhosts host wins bcast
        winbind separator = +
# NOTE(review): no "idmap backend" is set in this file, so winbindd
# presumably uses its default local allocator: each SID it has not seen
# before gets the next free id from this range, and the result is stored in
# a tdb on this host only. Two hosts then agree on an id only if they met the
# SIDs in the same order, which fits the differing gids shown for mos-it and
# mos-fs. NFS normally compares numeric ids, so a mismatched gid hands group
# access to a different set of users than intended. A deterministic or shared
# mapping (idmap_rid, idmap_ad, or an LDAP idmap backend common to both
# hosts) keeps the ids identical; file ownership already on disk has to be
# re-checked after switching.
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        encrypt passwords = true
        template homedir = /home/%U
        template shell = /bin/bash
        printcap name = cups
        printing = cups
#### Debugging/Accounting ####
# One log file per connecting machine (%m); max log size is in kilobytes.
   log file = /var/log/samba/log.%m
   max log size = 1000
;   syslog only = no
   syslog = 0
# NOTE(review): the script path is under /usr/share/samba while this build
# reads its config from /usr/local/samba; confirm the script exists here.
   panic action = /usr/share/samba/panic-action %d
####### Authentication #######
;   security = user
;   encrypt passwords = true
   passdb backend = tdbsam
;   obey pam restrictions = yes
;   guest account = nobody
# NOTE(review): left commented out on this host, so this file does not
# exclude root from SMB logins; the mos-fs config in the same post has
# "invalid users = root" enabled. Worth making the two hosts consistent.
;   invalid users = root
;   unix password sync = no
;   passwd program = /usr/bin/passwd %u
;   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spasswor
d:* %n\n .
;   pam password change = no
######## File sharing ########
# Name mangling options
;   preserve case = yes
;   short preserve case = yes
############ Misc ############
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY
# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
;   message command = /bin/sh -c '/usr/bin/linpopup "%f"
"%m" %s; rm %s' &
# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
;   domain master = auto
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap uid = 10000-20000
;   idmap gid = 10000-20000
;   template shell = /bin/bash
#======================= Share Definitions ======================
# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
# Directory creation mask is set to 0700 for security reasons. If you want
to
# create dirs. with group=rw permissions, set next parameter to 0775.
# Un-comment the following and create the netlogon directory for Domain
Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no
# [printers]: spool share through which clients submit print jobs.
# NOTE(review): "public" is a synonym of "guest ok", so unauthenticated
# clients may connect. A printable share always accepts spool writes into its
# path, and "writable = yes" additionally allows ordinary (non-printing)
# file writes, so guests can create files in the system-wide /tmp as far as
# filesystem permissions allow. A dedicated spool directory with the sticky
# bit set, "writable = no" and, where anonymous printing is not needed,
# "guest ok = no" is the safer layout.
[printers]
   comment = All Printers
   browseable = yes
   path = /tmp
   printable = yes
   public = yes
   writable = yes
# "create mode" is a synonym of "create mask"; 0700 keeps spool files
# accessible to their owner only.
   create mode = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
# [print$]: share from which Windows clients download printer drivers.
# NOTE(review): "writeable = yes" and "read only = no" say the same thing
# (writeable is the inverted synonym of read only). Combined with
# "guest ok = yes" the share is writable by any connection, guests included,
# as far as the filesystem permissions on the path allow. Clients install
# what they fetch from this share, so unrestricted write access lets one
# user alter drivers that other machines will load. The usual arrangement is
# "read only = yes" with a "write list" naming the driver administrators.
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   writeable = yes
   read only = no
   guest ok = yes
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
# NOTE(review): "write list" only grants write access on top of a read-only
# share; with "read only = no" above it restricts nothing. It also names
# root, which this file does not exclude via "invalid users".
   write list = root, @ntadmin, smartin, Administrator
# A sample share for sharing your CD-ROM with others.
;[cdrom]
;   comment = Samba server's CD-ROM
;   writable = no
;   locking = no
;   path = /cdrom
;   public = yes
# The next two parameters show how to auto-mount a CD-ROM when the
#       cdrom share is accesed. For this to work /etc/fstab must contain
#       an entry like this:
#
#       /dev/scd0   /cdrom  iso9660 defaults,noauto,ro,user   0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
#       is mounted on /cdrom
#
;   preexec = /bin/mount /cdrom
;   postexec = /bin/umount /cdrom
Server2 Samba Config
mos-fs:~# more /usr/local/samba/lib/smb.conf
#======================= Global Settings ======================
# [global]: server-wide settings for host mos-fs, a member of the MYVU
# Active Directory domain (security = ads) that resolves domain users and
# groups through winbind.
[global]
        workgroup = MYVU
        security = ads
        password server = mos-pdc
        server string = mos-fs
;%h server (Samba %v)
;       wins support = no
        winbind use default domain = yes
        realm = myvu.lc
# NOTE(review): "winbind uid" / "winbind gid" are the older synonyms of
# "idmap uid" / "idmap gid", which are set again below with the same range,
# so one of the two pairs is redundant.
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        preferred master = no
        os level = 20
        wins server = mos-pdc
        dns proxy = no
;       name resolve order = lmhosts host wins bcast
        winbind separator = +
# NOTE(review): no "idmap backend" is set in this file, so winbindd
# presumably uses its default local allocator: each SID it has not seen
# before gets the next free id from this range, and the result is stored in
# a tdb on this host only. An identical range on both hosts therefore does
# not give identical ids, which fits the differing gids shown for mos-it and
# mos-fs. NFS normally compares numeric ids, so a mismatched gid hands group
# access to a different set of users than intended. A deterministic or shared
# mapping (idmap_rid, idmap_ad, or an LDAP idmap backend common to both
# hosts) keeps the ids identical; file ownership already on disk has to be
# re-checked after switching.
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        encrypt passwords = true
        template homedir = /home/%U
        template shell = /bin/bash
#### Debugging/Accounting ####
# One log file per connecting machine (%m); max log size is in kilobytes.
   log file = /var/log/samba/log.%m
   max log size = 1000
;   syslog only = no
   syslog = 0
# NOTE(review): the script path is under /usr/share/samba while this build
# reads its config from /usr/local/samba; confirm the script exists here.
   panic action = /usr/share/samba/panic-action %d
####### Authentication #######
;   security = user
;   encrypt passwords = true
   passdb backend = tdbsam
;   obey pam restrictions = yes
;   guest account = nobody
# Refuses SMB logins as root on this host. NOTE(review): the mos-it config
# in the same post leaves this line commented out.
   invalid users = root
;   unix password sync = no
;   passwd program = /usr/bin/passwd %u
;   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spasswor
d:* %n\n .
;   pam password change = no
######## File sharing ########
# Name mangling options
;   preserve case = yes
;   short preserve case = yes
############ Misc ############
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY
# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
;   message command = /bin/sh -c '/usr/bin/linpopup "%f"
"%m" %s; rm %s' &
# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
;   domain master = auto
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap uid = 10000-20000
;   idmap gid = 10000-20000
;   template shell = /bin/bash
#======================= Share Definitions ======================
# [homes]: per-user home directory share, hidden from browse lists and
# writable by the connecting user.
[homes]
   comment = Home Directories
   browseable = no
# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
   writable = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
# The mask is ANDed with the mode Samba derives for a new file, so files
# created through this share keep at most owner rwx.
   create mask = 0700
# Directory creation mask is set to 0700 for security reasons. If you want
to
# create dirs. with group=rw permissions, set next parameter to 0775.
   directory mask = 0700
# Un-comment the following and create the netlogon directory for Domain
Logons
# (you need to configure Samba to act as a domain controller too.)
# [shared]: general-purpose writable share on /data.
# NOTE(review): no "valid users" restriction is given, so access presumably
# falls to any account that can authenticate against the domain. The 0777
# masks strip no permission bits, so new directories in particular can end
# up world-writable. If /data is also the tree exported over NFS, those
# world bits and the numeric group ownership are what the other host
# enforces; group-scoped masks (for example 0770 together with "force
# group") are worth considering - confirm against the intended audience.
[shared]
        path = /data
        comment = Myvu Shared
        browseable = yes
        writeable = yes
        create mask = 0777
        directory mask = 0777
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no
#[printers]
#   comment = All Printers
#   browseable = no
#   path = /tmp
#   printable = yes
#   public = no
#   writable = no
#   create mode = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
#[print$]
#   comment = Printer Drivers
#   path = /var/lib/samba/printers
#   browseable = yes
#   read only = yes
#   guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
;   write list = root, @ntadmin
# A sample share for sharing your CD-ROM with others.
;[cdrom]
;   comment = Samba server's CD-ROM
;   writable = no
;   locking = no
;   path = /cdrom
;   public = yes
# The next two parameters show how to auto-mount a CD-ROM when the
#       cdrom share is accesed. For this to work /etc/fstab must contain
#       an entry like this:
#
#       /dev/scd0   /cdrom  iso9660 defaults,noauto,ro,user   0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
#       is mounted on /cdrom
#
;   preexec = /bin/mount /cdrom
;   postexec = /bin/umount /cdrom
-- 
Shaun Martin
IT Manager