On 05/03/2010 04:14 PM, Dale Schroeder wrote: > On 05/02/2010 10:32 PM, Mike Leone wrote: >> Here's what I don't understand - the user I am trying to mount shares >> with, does not show up the same on both systems, yet the smb.confs are >> the same. >> >> > From workhorse: >> >> $ getent passwd >> <snip> >> DACRIB+turgon:*:10007:10012:Mike Leone:/home/DACRIB/turgon:/bin/bash >> >> $ getent group >> <snip> >> DACRIB+domain users:x:10012: >> >> > From Dual-Booter: >> >> $ getent passwd >> <snip> >> DACRIB+turgon:*:10003:10000:Mike Leone:/home/DACRIB/turgon:/bin/bash >> >> $ getent group >> <snip> >> DACRIB+domain users:x:10000: >> >> Is this the reason I can't mount? Shouldn't the group IDs be equivalent >> on both Samba servers, especially since the smb.confs have the same >> settings? >> > Mike, > > Since I see you're using RID for the idmap backend,
Only because I found a web howto that recommended it. :-) Apparently, I need the domain uid and gid to be the same on different Samba servers, and this page recommend RID as the way to do it. > yes, the user and > group ID's should be the same across all Samba servers. > I can't say if that's your only problem. You might try regenerating > /var/cache/samba/idmap_cache.tdb on both systems to see > which is correct. Be aware that you will have to reset directory/file > permissions on the incorrect system after this is done. How do I do that? Do I just stop winbind and samba; delete the idmap_cache.tdb; and restart winbind and samba? I believe I had started fresh, by leaving the domain; deleting all .tdb files; rejoining the domain. But I may be mis-remembering ... > If you only have one domain, I do. >you might also try the simpler, old-style idmap_rid declaration. > > #idmap config DACRIB:range = 10000 - 20000 > #idmap config DACRIB:backend = rid > #idmap config DACRIB:schema_mode = rfc2307 > idmap backend = rid:DACRIB=10000-20000 > > For testing purposes, also note that for idmap_rid, the defaults for > "auth methods" and "winbind nss info" are usually sufficient. I can give that a shot, sure. :-) > Although it may not matter, there are some significant differences in > the smb.conf's. Specifically, in Dual-Booter, you have > set some parameters in [global] (that are normally reserved for shares) > which are not declared in workhorse. > > [global] > > read only = No > create mask = 0700 > directory mask = 0775 > I can lose those, no big deal. > Additionally, Dual-Booter has the following, but workhorse does not. > > invalid users = root I am told (on another list) that I will need to use nss_ldap, if I want(need?) to keep domain lookups consistent across Samba servers. Using winbind for NSS only guarantees consistent uid/gids on one server. Such conflicting information is what makes these ... less than enjoyable. :-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
