samba - Feb 2018 - wbinfo -U id gives different users on same dc

Sorry for posting 2 times. I didnt reply to all.
This is my config.

> [Global]
> netbios name = DEV2
> workgroup = test
> realm = test.pvt
> server string = %h Test Host
> security = ads
> encrypt passwords = yes
> idmap config sm.pvt : backend = ad
> idmap config sm.pvt : range = 10000-20000
> idmap config sm.pvt : schema_mode = rfc2307
> idmap config * : range = 8000-9000
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind refresh tickets = yes
> winbind offline logon = yes
> winbind cache time = 300
> template shell = /bin/bash
> template homedir = /home/%D/%U
> preferred master = no
> dns proxy = no
> wins server = test.pvt
> wins proxy = no
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> debug level = 3
> use sendfile = no
> vfs objects = acl_xattr
> map acl inherit = yes
> acl group control = yes
> store dos attributes = yes
> case sensitive = true
> server signing = no
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
> deadtime = 3
> min receivefile size = 16384
> aio read size = 16384
> aio write size = 16384
> max xmit = 65536
> strict sync = no
>
> [a1]
> comment = a1
> path = /ssdpool/a1
> public = no
> read only = no
> inherit permissions = yes
> inherit acls = yes

*Özkan GÖKSU* | *Tekn. Geliştirme* | ozkan.goksu at usishi.com
<goktug.yildirim at usishi.com>
C : +90 555 449 88 71 | T : +90 (216) 442 7070 |
http://www.usishi.com


2018-02-13 14:16 GMT+02:00 Rowland Penny via samba <samba at
lists.samba.org>:
> On Tue, 13 Feb 2018 14:03:57 +0200
> Özkan Göksu via samba <samba at lists.samba.org> wrote:
>
> > Hello.
> >
> > I have 2 clustered server and they're using same DC. But wbinfo
gives
> > me different user with same "UID" and on every failover
I'm facing
> > with this problem.
> >
>
> snip
>
> >
> > My smb.conf attached.
>
> Sorry, but this list strips attachments, you will have to paste it into
> the post ;-)
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Tue, 13 Feb 2018 14:23:32 +0200
Özkan Göksu <ozkan.goksu at usishi.com> wrote:
> > [Global]
> > netbios name = DEV2
> > workgroup = test
> > realm = test.pvt
> > server string = %h Test Host
> > security = ads
> > encrypt passwords = yes
> > idmap config sm.pvt : backend = ad
> > idmap config sm.pvt : range = 10000-20000
> > idmap config sm.pvt : schema_mode = rfc2307
> > idmap config * : range = 8000-9000
Hmm, the WORKGROUP is 'test', the REALM is 'test.pvt' and
'idmap
config' is 'sm.pvt', I would have expected that 'idmap
config' to be
'TEST'

Your original post referred to user ID '8003' and this user must come
from the '*' domain, so fixing the 'idmap config' name might fix
this,
as long as you have added uidNumber & gidNumber attributes to AD.

Rowland

Thank you for reply Rowland.

Sorry for my typo. I intended to change  sm--to-->test but i forget to
change other lines.
So my original config is below:

        workgroup = sm
>         realm = sm.pvt
>         server string = %h Test Host
>         security = ads
>         encrypt passwords = yes
>         idmap config sm.pvt : backend = ad
>         idmap config sm.pvt : range = 10000-20000
>         idmap config sm.pvt : schema_mode = rfc2307
>         idmap config * : range = 8000-9000

Honestly I am not sure about using ads backend at all. I have read samba
documents. As rid backend use local database and it may get corrupted, I
chose ad backend.
On the other hand I should not install any extensions on Windows Active
Directory server. Samba documents tells something about installing unix
extensions but as far as I see this is not a must for ads.

So it would be best if someone could help me understanding about rid vs
ads. I suspect my problem depends on it.

Regards.


2018-02-13 14:47 GMT+02:00 Rowland Penny via samba <samba at
lists.samba.org>:
> On Tue, 13 Feb 2018 14:23:32 +0200
> Özkan Göksu <ozkan.goksu at usishi.com> wrote:
>
> > > [Global]
> > > netbios name = DEV2
> > > workgroup = test
> > > realm = test.pvt
> > > server string = %h Test Host
> > > security = ads
> > > encrypt passwords = yes
> > > idmap config sm.pvt : backend = ad
> > > idmap config sm.pvt : range = 10000-20000
> > > idmap config sm.pvt : schema_mode = rfc2307
> > > idmap config * : range = 8000-9000
>
> Hmm, the WORKGROUP is 'test', the REALM is 'test.pvt' and
'idmap
> config' is 'sm.pvt', I would have expected that 'idmap
config' to be
> 'TEST'
>
> Your original post referred to user ID '8003' and this user must
come
> from the '*' domain, so fixing the 'idmap config' name
might fix this,
> as long as you have added uidNumber & gidNumber attributes to AD.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>