I'm trying to set up two Fed12 hosts to authenticate against AD 2008 and to use AD users/groups on the two hosts as the authentication source for permissions. (Samba version: samba-3.4.7-58)
Both hosts have successfully joined the AD domain, and wbinfo -g and wbinfo -u both return valid lists from ... I can authenticate via ssh using AD credentials with no issue, and I can successfully mount a Samba share from a Windows or Linux host. However, when I compare what each host returns for ->
wbinfo --group-info="mygroup"
the gid values reported by the two hosts differ for some, but not all, of the AD groups.
[root@hostB ~]# wbinfo --group-info="it"
it:*:16777222
[root@hostA ~]# wbinfo --group-info="it"
it:*:16777225
Folks, any thoughts, or any configuration files that should be investigated? Any and all help is appreciated.
-Okeeton
smb.conf from hostA:
Quote:
[root@hostA ~]# cat /etc/samba/smb.conf
#======================= Global Settings =====================================
# Winbind / Active Directory member-server configuration for hostA, as posted.
[global]
#--authconfig--start-line--
# Generated by authconfig on 2010/03/30 10:55:49
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = MyDomain
password server = 192.168.10.5
realm = MyDomain.LAN
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
#--authconfig--end-line--
#### The following 2 lines were added for group sync in an AD single domain
allow trusted domains = no
# NOTE(review): this line is apparently meant to derive every gid from the AD
# RID so that all hosts agree. The gids actually reported for "it" (16777225
# here, 16777222 on hostB) sit just above the start of the range, which looks
# like first-come allocation on each host rather than RID-derived values, so
# this setting is presumably not taking effect -- confirm in the winbindd log.
# Samba 3.4 documents the per-domain form instead:
#   idmap config MYDOMAIN : backend = rid
#   idmap config MYDOMAIN : range = <low>-<high>
# Until both hosts agree, group ownership on files copied or shared between
# them can resolve to a different AD group on the other host.
idmap backend = idmap_rid:mydomain=16777216-33554431
server string = Samba Server Version %v
netbios name= hostA
# AUTO offers SMB signing but does not require it from clients.
server signing = AUTO
client use spnego = YES
# NOTE(review): ntlm auth = YES accepts NTLM (v1) responses; LANMAN is already
# refused below. Consider NO if every client can use NTLMv2 or Kerberos.
ntlm auth = YES
lanman auth = NO
;use kerberos keytab = YES
encrypt passwords = YES
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = NO
dns proxy = NO
winbind refresh tickets = YES
# --------------------------- Logging Options -----------------------------
# NOTE(review): level 5 is debug-level tracing, useful while chasing the idmap
# problem; the per-client logs it writes record account and group lookups, so
# lower it again afterwards. max log size is in kilobytes.
log level = 5
log file = /var/log/samba/log.%m
max log size = 50
# ----------------------- Standalone Server Options ------------------------
passdb backend = tdbsam
# --------------------------- Printing Options -----------------------------
load printers = yes
cups options = raw
# --------------------------- File System Options ---------------------------
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# NOTE(review): valid users is set twice; only one value can apply to the
# share (presumably the later one) -- keep a single line so the effective
# access rule is unambiguous.
valid users = %S
valid users = mydomain\%S
[data]
comment = BioStatdev
path = /data
writable = yes
# Access to this share is limited to members of two AD groups.
valid users = @"MyDomain\it", @"MyDomain\data analysis"
# (writable is repeated here; the duplicate is redundant.)
writable = yes
browseable = yes
guest ok = No
# NOTE(review): new files get no access for "other" (0660), but new
# directories stay readable and traversable by "other" (0775) -- confirm that
# is intended for local users of the host.
create mask = 0660
directory mask = 0775
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
smb.conf from hostB
Quote:
[root@HostB ~]# cat /etc/samba/smb.conf
#======================= Global Settings =====================================
# Winbind / Active Directory member-server configuration for hostB, as posted.
[global]
#--authconfig--start-line--
# Generated by authconfig on 2010/03/31 11:41:39
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = MyDomain
password server = 192.168.10.5
realm = MyDomain.LAN
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
#--authconfig--end-line--
#### The following 2 lines were added for group sync in an AD single domain
allow trusted domains = no
# NOTE(review): this line is apparently meant to derive every gid from the AD
# RID so that all hosts agree. The gids actually reported for "it" (16777222
# here, 16777225 on hostA) sit just above the start of the range, which looks
# like first-come allocation on each host rather than RID-derived values, so
# this setting is presumably not taking effect -- confirm in the winbindd log.
# Samba 3.4 documents the per-domain form instead:
#   idmap config MYDOMAIN : backend = rid
#   idmap config MYDOMAIN : range = <low>-<high>
# Until both hosts agree, group ownership on files copied or shared between
# them can resolve to a different AD group on the other host.
idmap backend = idmap_rid:mydomain=16777216-33554431
server string = Samba Server Version %v
netbios name = HostB
# NOTE(review): level 5 is debug-level tracing, useful while chasing the idmap
# problem; the per-client logs it writes record account and group lookups, so
# lower it again afterwards. max log size is in kilobytes.
log level = 5
log file = /var/log/samba/log.%m
max log size = 50
# AUTO offers SMB signing but does not require it from clients.
server signing = AUTO
client use spnego = YES
# NOTE(review): ntlm auth = YES accepts NTLM (v1) responses; LANMAN is already
# refused below. Consider NO if every client can use NTLMv2 or Kerberos.
ntlm auth = YES
lanman auth = NO
;use kerberos keytab = YES
encrypt passwords = YES
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = NO
dns proxy = NO
winbind refresh tickets = YES
# --------------------------- Logging Options -----------------------------
# (the logging parameters for this host are set further up in [global])
# ----------------------- Standalone Server Options ------------------------
passdb backend = tdbsam
# --------------------------- Printing Options -----------------------------
load printers = yes
cups options = raw
# --------------------------- File System Options ---------------------------
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# NOTE(review): valid users is set twice; only one value can apply to the
# share (presumably the later one) -- keep a single line so the effective
# access rule is unambiguous.
valid users = %S
valid users = MyDomain\%S
[RnD]
comment = BioStat
path = /data/RnD
writable = yes
# Access to this share is limited to members of two AD groups.
valid users = @"MyDomain\it", @"MyDomain\data analysis"
browseable = yes
guest ok = No
# NOTE(review): new files get no access for "other" (0660), but new
# directories stay readable and traversable by "other" (0775) -- confirm that
# is intended for local users of the host.
create mask = 0660
directory mask = 0775
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes