Hai, Great to hear i could help one with a gluster problem :-) And ofcourse your allowed to keep us up2date. So yes, plese, by doing that and sharing the configs it might help other people. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Benedikt Kale? via samba > Verzonden: woensdag 28 augustus 2019 17:37 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Permission Issue > > Hi, > > of course? you can not know everything :) I'm glad to have > your support! > Thank you. > > Actually I did a gluster_client fluse mount and set up the > share in the > registry "old fashioned". > > I changed that now to the following: > > [share] > ??? comment = Archivdateien der Abteilung Projekte > ??? read only = no > ??? vfs objects = acl_xattr glusterfs > ??? glusterfs:volume = gv-ho > ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log > ??? glusterfs:loglevel = 3 > ??? glusterfs:volfile_server = gluster1 gluster3 > ??? kernel share modes = no > ??? path = /data/share > > Of course I added your recomondations as well like "store dos > attributes"... > > It looks good in the moment. But I will stay you updated here, if I'm > allowed to. > > Best regards > > Bene > > > Am 28.08.19 um 15:56 schrieb L.P.H. van Belle via samba: > > Hai, > > > > First i must say, i dont use/know gluster. > > > > But I noticed you config (smb.conf) is a bit off. > > > > store dos attributes = Yes << is missing. > > > > And i would say setup netbios name and REALM in CAPS. > > And > > > ??? smbd:search ask sharemode = no > > Should be : smbd search ask sharemod > > >> https://www.samba.org/samba/history/samba-4.10.0.html > > See smb.conf changes, > > > > What i dont know, but dont you need one or both of these. > (vfs_modules) > > Because i also notice New glusterfs_fuse VFS module as > "new" in the changelog. > > > > See: > > man vfs_glusterfs > > man vfs_glusterfs_fuse > > > > Someone, who knows gluster, should give more info about this. > > I cant.. (sorry), I cant know everything.. :-/ > > > > Greetz, > > > > Louis > > > > > > > > > > > > > -----Oorspronkelijk bericht----- > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > > Benedikt Kale? via samba > > > Verzonden: woensdag 28 augustus 2019 11:22 > > > Aan: samba at lists.samba.org >> samba > > > Onderwerp: [Samba] Permission Issue > > > > > > Hi again, > > > > > > regarding my post "plenty of vacuuuming process" a "gluster > > > volume heal" > > > seems to improve the situation. > > > > > > But I still have a strange problem: > > > > > > Sometimes a user don't have permissions to? a restricted > folder when h > > > connects to a share or logs in at a windows client. In > some times all > > > permissions are granted. If the user creates a file, the user > > > and group > > > is correctly set. > > > > > > Im running Samba version 4.9.12-SerNet-Debian-15.stretch on > > > all 3 nodes. > > > > > > I tried to enlarge the id range with no effects. > > > > > > This is the output off net conf list: > > > > > > [global] > > > ??? winbind refresh tickets = Yes > > > ??? winbind use default domain = yes > > > ??? template shell = /bin/bash > > > ??? idmap config * : range = 1000000 - 1999999 > > > ??? idmap config DOMAINNAME : backend = rid > > > ??? idmap config DOMAINNAME : range = 1000 - 999999 > > > ??? hide dot files = yes > > > ??? server string = Daten server %h (Samba %v) > > > ??? vfs objects = acl_xattr > > > ??? map acl inherit = yes > > > ??? workgroup = DOMAINNAME > > > ??? netbios name = cluster-ho > > > ??? clustering = yes > > > ??? security = ads > > > ??? realm = zfd.forumzfd.de > > > ??? smbd:search ask sharemode = no > > > > > > [home] > > > ??? path = /data/ho/ > > > ??? comment = Home Directories > > > ??? read only = no > > > ??? browseable = yes > > > > > > [Ablage] > > > ??? comment = DATA_Share > > > ? ? path = /data/ho/data > > > ??? read only = no > > > > > > > > > This is is the message in /var/log/samba/log.smbd: > > > > > > ?smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] > > > status[NT_STATUS_ACCESS_DENIED] || at > > > ../source3/smbd/smb2_getinfo.c:159 > > > > > > Thank you again for ideas or comments. > > > > > > > > > Best regards > > > > > > Bene > > > > > > -- > > > ???forumZFD > > > Entschieden f?r Frieden|Committed to Peace > > > > > > Benedikt Kale? > > > Leiter Team IT|Head team IT > > > > > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service > > > Am K?lner Brett 8 | 50825 K?ln | Germany > > > > > > Tel 0221 91273233 | Fax 0221 91273299 | > > > http://www.forumZFD.de > > > > > > Vorstand nach ? 26 BGB, > einzelvertretungsberechtigt|Executive Board: > > > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, > > > Alexander Mauz > > > VR 17651 Amtsgericht K?ln > > > > > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC > BFSWDE33XXX > > > > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > > -- > ???forumZFD > Entschieden f?r Frieden|Committed to Peace > > Benedikt Kale? > Leiter Team IT|Head team IT > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service > Am K?lner Brett 8 | 50825 K?ln | Germany > > Tel 0221 91273233 | Fax 0221 91273299 | > http://www.forumZFD.de > > Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive Board: > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, > Alexander Mauz > VR 17651 Amtsgericht K?ln > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Hi, this configuration doesn't make any differenc in daily life. So perhaps an ID-Mapping problem? an ldbsearch --url=/var/lib/samba/private/sam.ldb shows dn: CN=Team IT and facilities,OU=HO,OU=example,DC=com,DC=de objectClass: top objectClass: group cn: Team instanceType: 4 whenCreated: 20180731103742.0Z uSNCreated: 3631 name: Team objectGUID: 7a27f859-97dc-4cf8-b4b1-c7b7cfe0f585 objectSid: S-1-5-21-1996849273-3222042488-349429296-101163 sAMAccountName: Team sAMAccountType: 268435456 groupType: -2147483646 objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com whenChanged: 20190723103748.0Z uSNChanged: 39294 member:: Q049QmVuZWRpa3QgS2FsZcOfLE9VPVRlYW0gSVQgJiBGYWNpbGl0eSBNYW5hZ2VtZW50L ?E9VPUV4ZWN1dGl2ZSBCb2FyZCBGaW5hbmNlXCwgSFJcLCBBZG1pbmlzdHJhdGlvbixPVT1ITyxPVT ?1aRkQsREM9emZkLERDPWZvcnVtemZkLERDPWRl member: CN=Testuser,OU=IRK,OU=ZFD,DC=zfd,DC=forumzfd,DC=de distinguishedName: CN=Team,OU=HO,OU=,Example,DC=com,D ?C=de So, I assume that the uid on the ctdb and a standalone fileserver has to be 101163, right? The ctdb shows the uid 103150, the fileserver 102150 That can't be okay and I think I have to search further regarding this issue. Is there any offset configured? Best Bene Am 29.08.19 um 08:46 schrieb L.P.H. van Belle via samba:> Hai, > > Great to hear i could help one with a gluster problem :-) > > And ofcourse your allowed to keep us up2date. > So yes, plese, by doing that and sharing the configs it might help other people. > > Greetz, > > Louis > > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Benedikt Kale? via samba > > Verzonden: woensdag 28 augustus 2019 17:37 > > Aan: samba at lists.samba.org > > Onderwerp: Re: [Samba] Permission Issue > > > > Hi, > > > > of course? you can not know everything :) I'm glad to have > > your support! > > Thank you. > > > > Actually I did a gluster_client fluse mount and set up the > > share in the > > registry "old fashioned". > > > > I changed that now to the following: > > > > [share] > > ??? comment = Archivdateien der Abteilung Projekte > > ??? read only = no > > ??? vfs objects = acl_xattr glusterfs > > ??? glusterfs:volume = gv-ho > > ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log > > ??? glusterfs:loglevel = 3 > > ??? glusterfs:volfile_server = gluster1 gluster3 > > ??? kernel share modes = no > > ??? path = /data/share > > > > Of course I added your recomondations as well like "store dos > > attributes"... > > > > It looks good in the moment. But I will stay you updated here, if I'm > > allowed to. > > > > Best regards > > > > Bene > > > > > > Am 28.08.19 um 15:56 schrieb L.P.H. van Belle via samba: > > > Hai, > > > > > > First i must say, i dont use/know gluster. > > > > > > But I noticed you config (smb.conf) is a bit off. > > > > > > store dos attributes = Yes << is missing. > > > > > > And i would say setup netbios name and REALM in CAPS. > > > And > > > > ??? smbd:search ask sharemode = no > > > Should be : smbd search ask sharemod > > > >> https://www.samba.org/samba/history/samba-4.10.0.html > > > See smb.conf changes, > > > > > > What i dont know, but dont you need one or both of these. > > (vfs_modules) > > > Because i also notice New glusterfs_fuse VFS module as > > "new" in the changelog. > > > > > > See: > > > man vfs_glusterfs > > > man vfs_glusterfs_fuse > > > > > > Someone, who knows gluster, should give more info about this. > > > I cant.. (sorry), I cant know everything.. :-/ > > > > > > Greetz, > > > > > > Louis > > > > > > > > > > > > > > > > > > > -----Oorspronkelijk bericht----- > > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > > > Benedikt Kale? via samba > > > > Verzonden: woensdag 28 augustus 2019 11:22 > > > > Aan: samba at lists.samba.org >> samba > > > > Onderwerp: [Samba] Permission Issue > > > > > > > > Hi again, > > > > > > > > regarding my post "plenty of vacuuuming process" a "gluster > > > > volume heal" > > > > seems to improve the situation. > > > > > > > > But I still have a strange problem: > > > > > > > > Sometimes a user don't have permissions to? a restricted > > folder when h > > > > connects to a share or logs in at a windows client. In > > some times all > > > > permissions are granted. If the user creates a file, the user > > > > and group > > > > is correctly set. > > > > > > > > Im running Samba version 4.9.12-SerNet-Debian-15.stretch on > > > > all 3 nodes. > > > > > > > > I tried to enlarge the id range with no effects. > > > > > > > > This is the output off net conf list: > > > > > > > > [global] > > > > ??? winbind refresh tickets = Yes > > > > ??? winbind use default domain = yes > > > > ??? template shell = /bin/bash > > > > ??? idmap config * : range = 1000000 - 1999999 > > > > ??? idmap config DOMAINNAME : backend = rid > > > > ??? idmap config DOMAINNAME : range = 1000 - 999999 > > > > ??? hide dot files = yes > > > > ??? server string = Daten server %h (Samba %v) > > > > ??? vfs objects = acl_xattr > > > > ??? map acl inherit = yes > > > > ??? workgroup = DOMAINNAME > > > > ??? netbios name = cluster-ho > > > > ??? clustering = yes > > > > ??? security = ads > > > > ??? realm = zfd.forumzfd.de > > > > ??? smbd:search ask sharemode = no > > > > > > > > [home] > > > > ??? path = /data/ho/ > > > > ??? comment = Home Directories > > > > ??? read only = no > > > > ??? browseable = yes > > > > > > > > [Ablage] > > > > ??? comment = DATA_Share > > > > ? ? path = /data/ho/data > > > > ??? read only = no > > > > > > > > > > > > This is is the message in /var/log/samba/log.smbd: > > > > > > > > ?smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] > > > > status[NT_STATUS_ACCESS_DENIED] || at > > > > ../source3/smbd/smb2_getinfo.c:159 > > > > > > > > Thank you again for ideas or comments. > > > > > > > > > > > > Best regards > > > > > > > > Bene > > > > > > > > -- > > > > ???forumZFD > > > > Entschieden f?r Frieden|Committed to Peace > > > > > > > > Benedikt Kale? > > > > Leiter Team IT|Head team IT > > > > > > > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service > > > > Am K?lner Brett 8 | 50825 K?ln | Germany > > > > > > > > Tel 0221 91273233 | Fax 0221 91273299 | > > > > http://www.forumZFD.de > > > > > > > > Vorstand nach ? 26 BGB, > > einzelvertretungsberechtigt|Executive Board: > > > > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, > > > > Alexander Mauz > > > > VR 17651 Amtsgericht K?ln > > > > > > > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC > > BFSWDE33XXX > > > > > > > > > > > > -- > > > > To unsubscribe from this list go to the following URL and read the > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > > > > > > > -- > > ???forumZFD > > Entschieden f?r Frieden|Committed to Peace > > > > Benedikt Kale? > > Leiter Team IT|Head team IT > > > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service > > Am K?lner Brett 8 | 50825 K?ln | Germany > > > > Tel 0221 91273233 | Fax 0221 91273299 | > > http://www.forumZFD.de > > > > Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive Board: > > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, > > Alexander Mauz > > VR 17651 Amtsgericht K?ln > > > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > >-- ?forumZFD Entschieden f?r Frieden|Committed to Peace Benedikt Kale? Leiter Team IT|Head team IT Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service Am K?lner Brett 8 | 50825 K?ln | Germany Tel 0221 91273233 | Fax 0221 91273299 | http://www.forumZFD.de Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive Board: Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz VR 17651 Amtsgericht K?ln Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
Hi, Some other abnormalities I recognize: groups and users < 100000 are the same on both systems (the cluster and the standalone-fileserver) all groups and users > 100000 differ on both systems. Some IDs are smaller on the ctdb, one IDs are bigger. The idmap config on both systems is the same: ??? idmap config * : range = 1000000 - 1999999 ??? idmap config ZFD : backend = rid ??? idmap config ZFD : range = 0 - 200000 We set up this range because we did a classic-upgrade from Samba 3 Can a "net cache flush" help? What can the consequences be, if I run it on a ctdb node? To summarize: The behavior is, that a user sometimes has permissions to a file/folder, sometimes he has not. Best Bene Am 29.08.19 um 09:16 schrieb Benedikt Kale? via samba:> Hi, > > this configuration doesn't make any differenc in daily life. So perhaps > an ID-Mapping problem? > > an ldbsearch --url=/var/lib/samba/private/sam.ldb > > shows > > dn: CN=Team IT and facilities,OU=HO,OU=example,DC=com,DC=de > objectClass: top > objectClass: group > cn: Team > instanceType: 4 > whenCreated: 20180731103742.0Z > uSNCreated: 3631 > name: Team > objectGUID: 7a27f859-97dc-4cf8-b4b1-c7b7cfe0f585 > objectSid: S-1-5-21-1996849273-3222042488-349429296-101163 > sAMAccountName: Team > sAMAccountType: 268435456 > groupType: -2147483646 > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com > whenChanged: 20190723103748.0Z > uSNChanged: 39294 > member:: > Q049QmVuZWRpa3QgS2FsZcOfLE9VPVRlYW0gSVQgJiBGYWNpbGl0eSBNYW5hZ2VtZW50L > ?E9VPUV4ZWN1dGl2ZSBCb2FyZCBGaW5hbmNlXCwgSFJcLCBBZG1pbmlzdHJhdGlvbixPVT1ITyxPVT > ?1aRkQsREM9emZkLERDPWZvcnVtemZkLERDPWRl > member: CN=Testuser,OU=IRK,OU=ZFD,DC=zfd,DC=forumzfd,DC=de > distinguishedName: CN=Team,OU=HO,OU=,Example,DC=com,D > ?C=de > > So, I assume that the uid on the ctdb and a standalone fileserver has to > be 101163, right? > > The ctdb shows the uid 103150, the fileserver 102150 > > That can't be okay and I think I have to search further regarding this > issue. > > Is there any offset configured? > > Best > > Bene > > > Am 29.08.19 um 08:46 schrieb L.P.H. van Belle via samba: > > Hai, > > > > Great to hear i could help one with a gluster problem :-) > > > > And ofcourse your allowed to keep us up2date. > > So yes, plese, by doing that and sharing the configs it might help other people. > > > > Greetz, > > > > Louis > > > > > > > > > > > -----Oorspronkelijk bericht----- > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > > Benedikt Kale? via samba > > > Verzonden: woensdag 28 augustus 2019 17:37 > > > Aan: samba at lists.samba.org > > > Onderwerp: Re: [Samba] Permission Issue > > > > > > Hi, > > > > > > of course? you can not know everything :) I'm glad to have > > > your support! > > > Thank you. > > > > > > Actually I did a gluster_client fluse mount and set up the > > > share in the > > > registry "old fashioned". > > > > > > I changed that now to the following: > > > > > > [share] > > > ??? comment = Archivdateien der Abteilung Projekte > > > ??? read only = no > > > ??? vfs objects = acl_xattr glusterfs > > > ??? glusterfs:volume = gv-ho > > > ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log > > > ??? glusterfs:loglevel = 3 > > > ??? glusterfs:volfile_server = gluster1 gluster3 > > > ??? kernel share modes = no > > > ??? path = /data/share > > > > > > Of course I added your recomondations as well like "store dos > > > attributes"... > > > > > > It looks good in the moment. But I will stay you updated here, if I'm > > > allowed to. > > > > > > Best regards > > > > > > Bene > > > > > > > > > Am 28.08.19 um 15:56 schrieb L.P.H. van Belle via samba: > > > > Hai, > > > > > > > > First i must say, i dont use/know gluster. > > > > > > > > But I noticed you config (smb.conf) is a bit off. > > > > > > > > store dos attributes = Yes << is missing. > > > > > > > > And i would say setup netbios name and REALM in CAPS. > > > > And > > > > > ??? smbd:search ask sharemode = no > > > > Should be : smbd search ask sharemod > > > > >> https://www.samba.org/samba/history/samba-4.10.0.html > > > > See smb.conf changes, > > > > > > > > What i dont know, but dont you need one or both of these. > > > (vfs_modules) > > > > Because i also notice New glusterfs_fuse VFS module as > > > "new" in the changelog. > > > > > > > > See: > > > > man vfs_glusterfs > > > > man vfs_glusterfs_fuse > > > > > > > > Someone, who knows gluster, should give more info about this. > > > > I cant.. (sorry), I cant know everything.. :-/ > > > > > > > > Greetz, > > > > > > > > Louis > > > > > > > > > > > > > > > > > > > > > > > > > -----Oorspronkelijk bericht----- > > > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > > > > Benedikt Kale? via samba > > > > > Verzonden: woensdag 28 augustus 2019 11:22 > > > > > Aan: samba at lists.samba.org >> samba > > > > > Onderwerp: [Samba] Permission Issue > > > > > > > > > > Hi again, > > > > > > > > > > regarding my post "plenty of vacuuuming process" a "gluster > > > > > volume heal" > > > > > seems to improve the situation. > > > > > > > > > > But I still have a strange problem: > > > > > > > > > > Sometimes a user don't have permissions to? a restricted > > > folder when h > > > > > connects to a share or logs in at a windows client. In > > > some times all > > > > > permissions are granted. If the user creates a file, the user > > > > > and group > > > > > is correctly set. > > > > > > > > > > Im running Samba version 4.9.12-SerNet-Debian-15.stretch on > > > > > all 3 nodes. > > > > > > > > > > I tried to enlarge the id range with no effects. > > > > > > > > > > This is the output off net conf list: > > > > > > > > > > [global] > > > > > ??? winbind refresh tickets = Yes > > > > > ??? winbind use default domain = yes > > > > > ??? template shell = /bin/bash > > > > > ??? idmap config * : range = 1000000 - 1999999 > > > > > ??? idmap config DOMAINNAME : backend = rid > > > > > ??? idmap config DOMAINNAME : range = 1000 - 999999 > > > > > ??? hide dot files = yes > > > > > ??? server string = Daten server %h (Samba %v) > > > > > ??? vfs objects = acl_xattr > > > > > ??? map acl inherit = yes > > > > > ??? workgroup = DOMAINNAME > > > > > ??? netbios name = cluster-ho > > > > > ??? clustering = yes > > > > > ??? security = ads > > > > > ??? realm = zfd.forumzfd.de > > > > > ??? smbd:search ask sharemode = no > > > > > > > > > > [home] > > > > > ??? path = /data/ho/ > > > > > ??? comment = Home Directories > > > > > ??? read only = no > > > > > ??? browseable = yes > > > > > > > > > > [Ablage] > > > > > ??? comment = DATA_Share > > > > > ? ? path = /data/ho/data > > > > > ??? read only = no > > > > > > > > > > > > > > > This is is the message in /var/log/samba/log.smbd: > > > > > > > > > > ?smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] > > > > > status[NT_STATUS_ACCESS_DENIED] || at > > > > > ../source3/smbd/smb2_getinfo.c:159 > > > > > > > > > > Thank you again for ideas or comments. > > > > > > > > > > > > > > > Best regards > > > > > > > > > > Bene > > > > > > > > > > -- > > > > > ???forumZFD > > > > > Entschieden f?r Frieden|Committed to Peace > > > > > > > > > > Benedikt Kale? > > > > > Leiter Team IT|Head team IT > > > > > > > > > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service > > > > > Am K?lner Brett 8 | 50825 K?ln | Germany > > > > > > > > > > Tel 0221 91273233 | Fax 0221 91273299 | > > > > > http://www.forumZFD.de > > > > > > > > > > Vorstand nach ? 26 BGB, > > > einzelvertretungsberechtigt|Executive Board: > > > > > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, > > > > > Alexander Mauz > > > > > VR 17651 Amtsgericht K?ln > > > > > > > > > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC > > > BFSWDE33XXX > > > > > > > > > > > > > > > -- > > > > > To unsubscribe from this list go to the following URL and read the > > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > > > > > > > > > > > > -- > > > ???forumZFD > > > Entschieden f?r Frieden|Committed to Peace > > > > > > Benedikt Kale? > > > Leiter Team IT|Head team IT > > > > > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service > > > Am K?lner Brett 8 | 50825 K?ln | Germany > > > > > > Tel 0221 91273233 | Fax 0221 91273299 | > > > http://www.forumZFD.de > > > > > > Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive Board: > > > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, > > > Alexander Mauz > > > VR 17651 Amtsgericht K?ln > > > > > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX > > > > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > >-- ?forumZFD Entschieden f?r Frieden|Committed to Peace Benedikt Kale? Leiter Team IT|Head team IT Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service Am K?lner Brett 8 | 50825 K?ln | Germany Tel 0221 91273233 | Fax 0221 91273299 | http://www.forumZFD.de Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive Board: Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz VR 17651 Amtsgericht K?ln Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
On 29/08/2019 08:16, Benedikt Kale? via samba wrote:> Hi, > > this configuration doesn't make any differenc in daily life. So perhaps > an ID-Mapping problem? > > an ldbsearch --url=/var/lib/samba/private/sam.ldb > > shows > > dn: CN=Team IT and facilities,OU=HO,OU=example,DC=com,DC=de > objectClass: top > objectClass: group > cn: Team > instanceType: 4 > whenCreated: 20180731103742.0Z > uSNCreated: 3631 > name: Team > objectGUID: 7a27f859-97dc-4cf8-b4b1-c7b7cfe0f585 > objectSid: S-1-5-21-1996849273-3222042488-349429296-101163 > sAMAccountName: Team > sAMAccountType: 268435456 > groupType: -2147483646 > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com > whenChanged: 20190723103748.0Z > uSNChanged: 39294 > member:: > Q049QmVuZWRpa3QgS2FsZcOfLE9VPVRlYW0gSVQgJiBGYWNpbGl0eSBNYW5hZ2VtZW50L > ?E9VPUV4ZWN1dGl2ZSBCb2FyZCBGaW5hbmNlXCwgSFJcLCBBZG1pbmlzdHJhdGlvbixPVT1ITyxPVT > ?1aRkQsREM9emZkLERDPWZvcnVtemZkLERDPWRl > member: CN=Testuser,OU=IRK,OU=ZFD,DC=zfd,DC=forumzfd,DC=de > distinguishedName: CN=Team,OU=HO,OU=,Example,DC=com,D > ?C=deThat doesn't look right at all, the 'cn', 'name', 'sAMAccountName' & 'distinguishedName' should be 'Team IT and facilities' and before anybody asks, the base64 encoded 'member' is encoded for a reason.> So, I assume that the uid on the ctdb and a standalone fileserver has to > be 101163, right? > > The ctdb shows the uid 103150, the fileserver 102150No 'uid' would be 'Team IT and facilities', but the gidNumber doesn't have to be the same everywhere, unless you are using the winbind 'ad' backend. However, if you are using the winbind 'rid' backend, I would expect the group ID to end with the same numbers, in this case '163', as it is calculated from the RID. Rowland
Hi, sorry to bother you: I have three AD in the domain. They all deliver different IDs: root at addc2:~# id testuser uid=3000155(EXAMPLE\testuser) gid=100(users) Gruppen=100(users),3000155(EXAMPLE\testuser),3000036(EXAMPLE\TEAM1),3000014(EXAMPLE\gesch?ftsstelle),3000001(BUILTIN\users) root at addc3:~$ id testuser uid=3000133(EXAMPLE\testuser) gid=100(users) Gruppen=100(users),3000133(EXAMPLE\testuser),3000093(EXAMPLE\TEAM1),3000041(EXAMPLE\gesch?ftsstelle),3000007(BUILTIN\users) root at addc3:~# id testuser uid=3000080(EXAMPLE\testuser) gid=100(users) Gruppen=100(users),3000080(EXAMPLE\testuser),3000051(EXAMPLE\TEAM1),3000023(EXAMPLE\gesch?ftsstelle),3000001(BUILTIN\users) Best Bene Am 29.08.19 um 09:16 schrieb Benedikt Kale? via samba:> Hi, > > this configuration doesn't make any differenc in daily life. So perhaps > an ID-Mapping problem? > > an ldbsearch --url=/var/lib/samba/private/sam.ldb > > shows > > dn: CN=Team IT and facilities,OU=HO,OU=example,DC=com,DC=de > objectClass: top > objectClass: group > cn: Team > instanceType: 4 > whenCreated: 20180731103742.0Z > uSNCreated: 3631 > name: Team > objectGUID: 7a27f859-97dc-4cf8-b4b1-c7b7cfe0f585 > objectSid: S-1-5-21-1996849273-3222042488-349429296-101163 > sAMAccountName: Team > sAMAccountType: 268435456 > groupType: -2147483646 > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com > whenChanged: 20190723103748.0Z > uSNChanged: 39294 > member:: > Q049QmVuZWRpa3QgS2FsZcOfLE9VPVRlYW0gSVQgJiBGYWNpbGl0eSBNYW5hZ2VtZW50L > ?E9VPUV4ZWN1dGl2ZSBCb2FyZCBGaW5hbmNlXCwgSFJcLCBBZG1pbmlzdHJhdGlvbixPVT1ITyxPVT > ?1aRkQsREM9emZkLERDPWZvcnVtemZkLERDPWRl > member: CN=Testuser,OU=IRK,OU=ZFD,DC=zfd,DC=forumzfd,DC=de > distinguishedName: CN=Team,OU=HO,OU=,Example,DC=com,D > ?C=de > > So, I assume that the uid on the ctdb and a standalone fileserver has to > be 101163, right? > > The ctdb shows the uid 103150, the fileserver 102150 > > That can't be okay and I think I have to search further regarding this > issue. > > Is there any offset configured? > > Best > > Bene > > > Am 29.08.19 um 08:46 schrieb L.P.H. van Belle via samba: > > Hai, > > > > Great to hear i could help one with a gluster problem :-) > > > > And ofcourse your allowed to keep us up2date. > > So yes, plese, by doing that and sharing the configs it might help other people. > > > > Greetz, > > > > Louis > > > > > > > > > > > -----Oorspronkelijk bericht----- > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > > Benedikt Kale? via samba > > > Verzonden: woensdag 28 augustus 2019 17:37 > > > Aan: samba at lists.samba.org > > > Onderwerp: Re: [Samba] Permission Issue > > > > > > Hi, > > > > > > of course? you can not know everything :) I'm glad to have > > > your support! > > > Thank you. > > > > > > Actually I did a gluster_client fluse mount and set up the > > > share in the > > > registry "old fashioned". > > > > > > I changed that now to the following: > > > > > > [share] > > > ??? comment = Archivdateien der Abteilung Projekte > > > ??? read only = no > > > ??? vfs objects = acl_xattr glusterfs > > > ??? glusterfs:volume = gv-ho > > > ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log > > > ??? glusterfs:loglevel = 3 > > > ??? glusterfs:volfile_server = gluster1 gluster3 > > > ??? kernel share modes = no > > > ??? path = /data/share > > > > > > Of course I added your recomondations as well like "store dos > > > attributes"... > > > > > > It looks good in the moment. But I will stay you updated here, if I'm > > > allowed to. > > > > > > Best regards > > > > > > Bene > > > > > > > > > Am 28.08.19 um 15:56 schrieb L.P.H. van Belle via samba: > > > > Hai, > > > > > > > > First i must say, i dont use/know gluster. > > > > > > > > But I noticed you config (smb.conf) is a bit off. > > > > > > > > store dos attributes = Yes << is missing. > > > > > > > > And i would say setup netbios name and REALM in CAPS. > > > > And > > > > > ??? smbd:search ask sharemode = no > > > > Should be : smbd search ask sharemod > > > > >> https://www.samba.org/samba/history/samba-4.10.0.html > > > > See smb.conf changes, > > > > > > > > What i dont know, but dont you need one or both of these. > > > (vfs_modules) > > > > Because i also notice New glusterfs_fuse VFS module as > > > "new" in the changelog. > > > > > > > > See: > > > > man vfs_glusterfs > > > > man vfs_glusterfs_fuse > > > > > > > > Someone, who knows gluster, should give more info about this. > > > > I cant.. (sorry), I cant know everything.. :-/ > > > > > > > > Greetz, > > > > > > > > Louis > > > > > > > > > > > > > > > > > > > > > > > > > -----Oorspronkelijk bericht----- > > > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > > > > Benedikt Kale? via samba > > > > > Verzonden: woensdag 28 augustus 2019 11:22 > > > > > Aan: samba at lists.samba.org >> samba > > > > > Onderwerp: [Samba] Permission Issue > > > > > > > > > > Hi again, > > > > > > > > > > regarding my post "plenty of vacuuuming process" a "gluster > > > > > volume heal" > > > > > seems to improve the situation. > > > > > > > > > > But I still have a strange problem: > > > > > > > > > > Sometimes a user don't have permissions to? a restricted > > > folder when h > > > > > connects to a share or logs in at a windows client. In > > > some times all > > > > > permissions are granted. If the user creates a file, the user > > > > > and group > > > > > is correctly set. > > > > > > > > > > Im running Samba version 4.9.12-SerNet-Debian-15.stretch on > > > > > all 3 nodes. > > > > > > > > > > I tried to enlarge the id range with no effects. > > > > > > > > > > This is the output off net conf list: > > > > > > > > > > [global] > > > > > ??? winbind refresh tickets = Yes > > > > > ??? winbind use default domain = yes > > > > > ??? template shell = /bin/bash > > > > > ??? idmap config * : range = 1000000 - 1999999 > > > > > ??? idmap config DOMAINNAME : backend = rid > > > > > ??? idmap config DOMAINNAME : range = 1000 - 999999 > > > > > ??? hide dot files = yes > > > > > ??? server string = Daten server %h (Samba %v) > > > > > ??? vfs objects = acl_xattr > > > > > ??? map acl inherit = yes > > > > > ??? workgroup = DOMAINNAME > > > > > ??? netbios name = cluster-ho > > > > > ??? clustering = yes > > > > > ??? security = ads > > > > > ??? realm = zfd.forumzfd.de > > > > > ??? smbd:search ask sharemode = no > > > > > > > > > > [home] > > > > > ??? path = /data/ho/ > > > > > ??? comment = Home Directories > > > > > ??? read only = no > > > > > ??? browseable = yes > > > > > > > > > > [Ablage] > > > > > ??? comment = DATA_Share > > > > > ? ? path = /data/ho/data > > > > > ??? read only = no > > > > > > > > > > > > > > > This is is the message in /var/log/samba/log.smbd: > > > > > > > > > > ?smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] > > > > > status[NT_STATUS_ACCESS_DENIED] || at > > > > > ../source3/smbd/smb2_getinfo.c:159 > > > > > > > > > > Thank you again for ideas or comments. > > > > > > > > > > > > > > > Best regards > > > > > > > > > > Bene > > > > > > > > > > -- > > > > > ???forumZFD > > > > > Entschieden f?r Frieden|Committed to Peace > > > > > > > > > > Benedikt Kale? > > > > > Leiter Team IT|Head team IT > > > > > > > > > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service > > > > > Am K?lner Brett 8 | 50825 K?ln | Germany > > > > > > > > > > Tel 0221 91273233 | Fax 0221 91273299 | > > > > > http://www.forumZFD.de > > > > > > > > > > Vorstand nach ? 26 BGB, > > > einzelvertretungsberechtigt|Executive Board: > > > > > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, > > > > > Alexander Mauz > > > > > VR 17651 Amtsgericht K?ln > > > > > > > > > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC > > > BFSWDE33XXX > > > > > > > > > > > > > > > -- > > > > > To unsubscribe from this list go to the following URL and read the > > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > > > > > > > > > > > > -- > > > ???forumZFD > > > Entschieden f?r Frieden|Committed to Peace > > > > > > Benedikt Kale? > > > Leiter Team IT|Head team IT > > > > > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service > > > Am K?lner Brett 8 | 50825 K?ln | Germany > > > > > > Tel 0221 91273233 | Fax 0221 91273299 | > > > http://www.forumZFD.de > > > > > > Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive Board: > > > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, > > > Alexander Mauz > > > VR 17651 Amtsgericht K?ln > > > > > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX > > > > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > >-- ?forumZFD Entschieden f?r Frieden|Committed to Peace Benedikt Kale? Leiter Team IT|Head team IT Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service Am K?lner Brett 8 | 50825 K?ln | Germany Tel 0221 91273233 | Fax 0221 91273299 | http://www.forumZFD.de Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive Board: Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz VR 17651 Amtsgericht K?ln Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX