Hi,
sorry to bother you:
I have three AD in the domain.
They all deliver different IDs:
root at addc2:~# id testuser
uid=3000155(EXAMPLE\testuser) gid=100(users)
Gruppen=100(users),3000155(EXAMPLE\testuser),3000036(EXAMPLE\TEAM1),3000014(EXAMPLE\gesch?ftsstelle),3000001(BUILTIN\users)
root at addc3:~$ id testuser
uid=3000133(EXAMPLE\testuser) gid=100(users)
Gruppen=100(users),3000133(EXAMPLE\testuser),3000093(EXAMPLE\TEAM1),3000041(EXAMPLE\gesch?ftsstelle),3000007(BUILTIN\users)
root at addc3:~# id testuser
uid=3000080(EXAMPLE\testuser) gid=100(users)
Gruppen=100(users),3000080(EXAMPLE\testuser),3000051(EXAMPLE\TEAM1),3000023(EXAMPLE\gesch?ftsstelle),3000001(BUILTIN\users)
Best
Bene
Am 29.08.19 um 09:16 schrieb Benedikt Kale? via samba:> Hi,
>
> this configuration doesn't make any differenc in daily life. So perhaps
> an ID-Mapping problem?
>
> an ldbsearch --url=/var/lib/samba/private/sam.ldb
>
> shows
>
> dn: CN=Team IT and facilities,OU=HO,OU=example,DC=com,DC=de
> objectClass: top
> objectClass: group
> cn: Team
> instanceType: 4
> whenCreated: 20180731103742.0Z
> uSNCreated: 3631
> name: Team
> objectGUID: 7a27f859-97dc-4cf8-b4b1-c7b7cfe0f585
> objectSid: S-1-5-21-1996849273-3222042488-349429296-101163
> sAMAccountName: Team
> sAMAccountType: 268435456
> groupType: -2147483646
> objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
> whenChanged: 20190723103748.0Z
> uSNChanged: 39294
> member::
> Q049QmVuZWRpa3QgS2FsZcOfLE9VPVRlYW0gSVQgJiBGYWNpbGl0eSBNYW5hZ2VtZW50L
>
?E9VPUV4ZWN1dGl2ZSBCb2FyZCBGaW5hbmNlXCwgSFJcLCBBZG1pbmlzdHJhdGlvbixPVT1ITyxPVT
> ?1aRkQsREM9emZkLERDPWZvcnVtemZkLERDPWRl
> member: CN=Testuser,OU=IRK,OU=ZFD,DC=zfd,DC=forumzfd,DC=de
> distinguishedName: CN=Team,OU=HO,OU=,Example,DC=com,D
> ?C=de
>
> So, I assume that the uid on the ctdb and a standalone fileserver has to
> be 101163, right?
>
> The ctdb shows the uid 103150, the fileserver 102150
>
> That can't be okay and I think I have to search further regarding this
> issue.
>
> Is there any offset configured?
>
> Best
>
> Bene
>
>
> Am 29.08.19 um 08:46 schrieb L.P.H. van Belle via samba:
> > Hai,
> >
> > Great to hear i could help one with a gluster problem :-)
> >
> > And ofcourse your allowed to keep us up2date.
> > So yes, plese, by doing that and sharing the configs it might help
other people.
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > > Benedikt Kale? via samba
> > > Verzonden: woensdag 28 augustus 2019 17:37
> > > Aan: samba at lists.samba.org
> > > Onderwerp: Re: [Samba] Permission Issue
> > >
> > > Hi,
> > >
> > > of course? you can not know everything :) I'm glad to have
> > > your support!
> > > Thank you.
> > >
> > > Actually I did a gluster_client fluse mount and set up the
> > > share in the
> > > registry "old fashioned".
> > >
> > > I changed that now to the following:
> > >
> > > [share]
> > > ??? comment = Archivdateien der Abteilung Projekte
> > > ??? read only = no
> > > ??? vfs objects = acl_xattr glusterfs
> > > ??? glusterfs:volume = gv-ho
> > > ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log
> > > ??? glusterfs:loglevel = 3
> > > ??? glusterfs:volfile_server = gluster1 gluster3
> > > ??? kernel share modes = no
> > > ??? path = /data/share
> > >
> > > Of course I added your recomondations as well like "store
dos
> > > attributes"...
> > >
> > > It looks good in the moment. But I will stay you updated here, if
I'm
> > > allowed to.
> > >
> > > Best regards
> > >
> > > Bene
> > >
> > >
> > > Am 28.08.19 um 15:56 schrieb L.P.H. van Belle via samba:
> > > > Hai,
> > > >
> > > > First i must say, i dont use/know gluster.
> > > >
> > > > But I noticed you config (smb.conf) is a bit off.
> > > >
> > > > store dos attributes = Yes << is missing.
> > > >
> > > > And i would say setup netbios name and REALM in CAPS.
> > > > And
> > > > > ??? smbd:search ask sharemode = no
> > > > Should be : smbd search ask sharemod
> > > > >>
https://www.samba.org/samba/history/samba-4.10.0.html
> > > > See smb.conf changes,
> > > >
> > > > What i dont know, but dont you need one or both of these.
> > > (vfs_modules)
> > > > Because i also notice New glusterfs_fuse VFS module as
> > > "new" in the changelog.
> > > >
> > > > See:
> > > > man vfs_glusterfs
> > > > man vfs_glusterfs_fuse
> > > >
> > > > Someone, who knows gluster, should give more info about
this.
> > > > I cant.. (sorry), I cant know everything.. :-/
> > > >
> > > > Greetz,
> > > >
> > > > Louis
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > > -----Oorspronkelijk bericht-----
> > > > > Van: samba [mailto:samba-bounces at lists.samba.org]
Namens
> > > > > Benedikt Kale? via samba
> > > > > Verzonden: woensdag 28 augustus 2019 11:22
> > > > > Aan: samba at lists.samba.org >> samba
> > > > > Onderwerp: [Samba] Permission Issue
> > > > >
> > > > > Hi again,
> > > > >
> > > > > regarding my post "plenty of vacuuuming
process" a "gluster
> > > > > volume heal"
> > > > > seems to improve the situation.
> > > > >
> > > > > But I still have a strange problem:
> > > > >
> > > > > Sometimes a user don't have permissions to? a
restricted
> > > folder when h
> > > > > connects to a share or logs in at a windows client. In
> > > some times all
> > > > > permissions are granted. If the user creates a file,
the user
> > > > > and group
> > > > > is correctly set.
> > > > >
> > > > > Im running Samba version
4.9.12-SerNet-Debian-15.stretch on
> > > > > all 3 nodes.
> > > > >
> > > > > I tried to enlarge the id range with no effects.
> > > > >
> > > > > This is the output off net conf list:
> > > > >
> > > > > [global]
> > > > > ??? winbind refresh tickets = Yes
> > > > > ??? winbind use default domain = yes
> > > > > ??? template shell = /bin/bash
> > > > > ??? idmap config * : range = 1000000 - 1999999
> > > > > ??? idmap config DOMAINNAME : backend = rid
> > > > > ??? idmap config DOMAINNAME : range = 1000 - 999999
> > > > > ??? hide dot files = yes
> > > > > ??? server string = Daten server %h (Samba %v)
> > > > > ??? vfs objects = acl_xattr
> > > > > ??? map acl inherit = yes
> > > > > ??? workgroup = DOMAINNAME
> > > > > ??? netbios name = cluster-ho
> > > > > ??? clustering = yes
> > > > > ??? security = ads
> > > > > ??? realm = zfd.forumzfd.de
> > > > > ??? smbd:search ask sharemode = no
> > > > >
> > > > > [home]
> > > > > ??? path = /data/ho/
> > > > > ??? comment = Home Directories
> > > > > ??? read only = no
> > > > > ??? browseable = yes
> > > > >
> > > > > [Ablage]
> > > > > ??? comment = DATA_Share
> > > > > ? ? path = /data/ho/data
> > > > > ??? read only = no
> > > > >
> > > > >
> > > > > This is is the message in /var/log/samba/log.smbd:
> > > > >
> > > > > ?smbd_smb2_request_error_ex:
smbd_smb2_request_error_ex: idx[1]
> > > > > status[NT_STATUS_ACCESS_DENIED] || at
> > > > > ../source3/smbd/smb2_getinfo.c:159
> > > > >
> > > > > Thank you again for ideas or comments.
> > > > >
> > > > >
> > > > > Best regards
> > > > >
> > > > > Bene
> > > > >
> > > > > --
> > > > > ???forumZFD
> > > > > Entschieden f?r Frieden|Committed to Peace
> > > > >
> > > > > Benedikt Kale?
> > > > > Leiter Team IT|Head team IT
> > > > >
> > > > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace
Service
> > > > > Am K?lner Brett 8 | 50825 K?ln | Germany
> > > > >
> > > > > Tel 0221 91273233 | Fax 0221 91273299 |
> > > > > http://www.forumZFD.de
> > > > >
> > > > > Vorstand nach ? 26 BGB,
> > > einzelvertretungsberechtigt|Executive Board:
> > > > > Oliver Knabe (Vorsitz|Chair), Sonja
Wiekenberg-Mlalandle,
> > > > > Alexander Mauz
> > > > > VR 17651 Amtsgericht K?ln
> > > > >
> > > > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC
> > > BFSWDE33XXX
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe from this list go to the following URL
and read the
> > > > > instructions:
https://lists.samba.org/mailman/options/samba
> > > > >
> > > > >
> > > >
> > > >
> > > --
> > > ???forumZFD
> > > Entschieden f?r Frieden|Committed to Peace
> > >
> > > Benedikt Kale?
> > > Leiter Team IT|Head team IT
> > >
> > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
> > > Am K?lner Brett 8 | 50825 K?ln | Germany
> > >
> > > Tel 0221 91273233 | Fax 0221 91273299 |
> > > http://www.forumZFD.de
> > >
> > > Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive
Board:
> > > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle,
> > > Alexander Mauz
> > > VR 17651 Amtsgericht K?ln
> > >
> > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC
BFSWDE33XXX
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read
the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > >
> > >
> >
> >
--
?forumZFD
Entschieden f?r Frieden|Committed to Peace
Benedikt Kale?
Leiter Team IT|Head team IT
Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am K?lner Brett 8 | 50825 K?ln | Germany
Tel 0221 91273233 | Fax 0221 91273299 |
http://www.forumZFD.de
Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz
VR 17651 Amtsgericht K?ln
Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX