[Samba] FW: [Bug 11241] different ids even when idmap.ldb copied. not a bug..
L.P.H. van Belle
belle at bazuin.nl
Thu Apr 30 02:09:56 MDT 2015
( sorry for mailing you directly, Bjorn, but please have a look )
I still think this is a bug..
why not a bug:
If I do assign a UID/GID to a user, then yes, this will work fine.
new users and groups sure.. but now I'm talking about the default domain groups..
why a bug:
User administrator and the domain groups are set by default by samba.
and it's not consistent at all, which is needed for a replicated sysvol.
yes, not supported by samba, but I hope samba is working on that, and then
this will be an issue also, better fix it now imo.
let me explain what I see..
administrator has uid 0..
wbinfo -i DOMAIN\\administrator
DOMAIN\Administrator:*:0:100::/home/DOMAIN/Administrator:/bin/false
Administrator ... and not administrator..
so now this is my result of my sysvol...
ls -n
total 8
drwxrwx---+ 4 0 3000000 4096 Apr 28 13:32 internal.domain.tld
wbinfo --uid-info 0
administrator:*:0:100::/home/DOMAIN/administrator:/bin/false
administrator and not Administrator ?
first 2 differences in usernames : Administrator and administrator
wbinfo --uid-info 0
administrator:*:0:100::/home/DOMAIN/administrator:/bin/false
wbinfo -i DOMAIN\\administrator
DOMAIN\Administrator:*:0:100::/home/DOMAIN/Administrator:/bin/false
wbinfo -i DOMAIN\\Administrator
administrator:*:0:100::/home/BAZRTD/administrator:/bin/false
converted Administrator to administrator.
look at the homedir.. Caps A and not caps. so 2 different folders.
2 different users.
in total 3 users with uid 0 ( root, administrator and Administrator )
in the sysvol/internal.domain.tld :
ls -n
total 16
drwxrwx---+ 4 0 3000000 4096 Apr 28 13:32 Policies
drwxrwx---+ 2 0 3000000 4096 Apr 28 13:32 scripts
ls -l
total 8
drwxrwx---+ 4 root BUILTIN\administrators 4096 Apr 28 13:32 internal.domain.tld
wbinfo --group-info "BUILTIN\administrators"
BUILTIN\administrators:x:3000000:
for the Policies folder :
Policies# ls -n
total 16
drwxrwx---+ 4 3000008 3000008 4096 Apr 28 13:32 {31B2F340-016D-11D2-945F-00C04FB984F9}
drwxrwx---+ 4 3000008 3000008 4096 Apr 28 13:32 {6AC1786C-016F-11D2-945F-00C04FB984F9}
wbinfo --uid-info 3000008
domain admins:*:3000008:3000008::/home/DOMAIN/domain admins:/bin/false
wbinfo --gid-info 3000008
domain admins:x:3000008:administrator
wbinfo --group-info "DOMAIN\domain admins"
domain admins:x:3000008:administrator
wbinfo --user-info "DOMAIN\domain admins"
domain admins:*:3000008:3000008::/home/BAZRTD/domain admins:/bin/false
getfacl \{31B2F340-016D-11D2-945F-00C04FB984F9\}/
# file: {31B2F340-016D-11D2-945F-00C04FB984F9}/
# owner: domain\040admins
# group: domain\040admins
user::rwx
group::rwx
group:3000002:rwx
group:3000003:r-x
group:enterprise\040admins:rwx
group:domain\040admins:rwx
group:3000010:r-x
mask::rwx
other::---
default:user::rwx
default:user:domain\040admins:rwx
default:group::---
default:group:3000002:rwx
default:group:3000003:r-x
default:group:enterprise\040admins:rwx
default:group:domain\040admins:rwx
default:group:3000010:r-x
default:mask::rwx
default:other::---
the user owner is the group ? how can the user owner be a group ?
Is this allowed ? This I really don't know.
so I have "user" : "domain admins"
and I have group : "domain admins"
Documentation is lacking here, or I really can't find it..
anyone any comment on this ?
Greetz,
Louis
>-----Original message-----
>From: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org]
>On behalf of L.P.H. van Belle
>Sent: Thursday 30 April 2015 8:10
>To: samba at lists.samba.org
>Subject: [Samba] FW: [Bug 11241] different ids even when
>idmap.ldb copied. not a bug..
>
>Please read the reported bug and Bjorn's answer.. which does not
>help any to a solution or fix, or explanation.
>But the big question now is, does someone somewhere know what
>bjorn is talking about.
>
>i did search for "gencache" but no go here..
>just from old documentation.
>https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html
>gencache.tdb Generic caching database.
>
>
>Greetz,
>
>Louis
>
>
>-----Original message-----
>From: samba-bugs at samba.org [mailto:samba-bugs at samba.org]
>Sent: Wednesday 29 April 2015 17:51
>To: L.P.H. van Belle
>Subject: [Bug 11241] different ids even when idmap.ldb copied.
>
>https://bugzilla.samba.org/show_bug.cgi?id=11241
>
>Björn Jacke <bj at sernet.de> changed:
>
>           What    |Removed                     |Added
>----------------------------------------------------------------------------
>         Resolution|---                         |INVALID
>             Status|NEW                         |RESOLVED
>
>--- Comment #1 from Björn Jacke <bj at sernet.de> ---
>this is not a supported thing to do, so this is not a valid bug. winbindd
>has a different way of caching (investigate gencache for example) entries
>and this is probably what makes that hack stop working for you with winbindd.
>
>--
>You are receiving this mail because:
>You reported the bug.
>
>REPORTED BUG..
>
>Louis 2015-04-29 08:51:03 UTC
>Hai. getting same ids on 2 DC's does not work anymore on samba 4.2.1
>with in smb.conf
>server services = -dns +winbindd -winbind
>Of i set it to
>server services = -dns -winbindd +winbind
>it does work again.
>
>with 4.1.17 the solution was simple.. we stop samba on both servers.
>scp /var/lib/samba/private/idmap.ldb root@192.168.0.2:/var/lib/samba/private/
>started samba on both servers and
>id administrator gave the same id's for all groups.
>
>Now on 4.2.1
>DC1: id administrator
>uid=0(root) gid=100(users) groups=0(root),100(users),
>3000004(group policy creator owners),
>3000006(enterprise admins),
>3000008(domain admins),
>3000007(schema admins),
>3000005(denied rodc password replication group),
>3000009(BUILTIN\users),
>3000000(BUILTIN\administrators)
>
>id administrator
>uid=0(root) gid=100(users) groups=0(root),100(users),
>3000011(group policy creator owners),
>3000010(enterprise admins),
>3000007(domain admins),
>3000009(schema admins),
>3000008(denied rodc password replication group),
>3000001(BUILTIN\users),
>3000000(BUILTIN\administrators)
>
>
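Added example (not part of the original mail and not Samba code): a small Python check that compares the two `id administrator` outputs quoted in the bug report and lists every group whose numeric gid differs, plus every gid that resolves to a different group on the other side. The second case is the one that matters for a copied sysvol, since numeric ownership then points at another group. The variable names FIRST and SECOND are assumptions; the report labels the first output DC1 and leaves the second unlabelled.

```python
import re

# `id administrator` outputs as quoted in the bug report (Samba 4.2.1 case).
FIRST = ("uid=0(root) gid=100(users) groups=0(root),100(users),"
         "3000004(group policy creator owners),3000006(enterprise admins),"
         "3000008(domain admins),3000007(schema admins),"
         "3000005(denied rodc password replication group),"
         "3000009(BUILTIN\\users),3000000(BUILTIN\\administrators)")
SECOND = ("uid=0(root) gid=100(users) groups=0(root),100(users),"
          "3000011(group policy creator owners),3000010(enterprise admins),"
          "3000007(domain admins),3000009(schema admins),"
          "3000008(denied rodc password replication group),"
          "3000001(BUILTIN\\users),3000000(BUILTIN\\administrators)")

ENTRY = re.compile(r"(\d+)\(([^)]*)\)")  # one "gid(name)" pair


def parse_groups(id_output):
    """Return {lower-cased group name: gid} from the groups= field of `id`."""
    match = re.search(r"groups=(.*)", id_output)
    if match is None:
        raise ValueError("no groups= field in id output")
    return {name.lower(): int(gid) for gid, name in ENTRY.findall(match.group(1))}


def compare(first, second):
    """Return (names with differing gids, gids that map to differing names)."""
    a, b = parse_groups(first), parse_groups(second)
    name_mismatch = {n: (a[n], b[n])
                     for n in sorted(a.keys() & b.keys()) if a[n] != b[n]}
    by_id_a = {gid: name for name, gid in a.items()}
    by_id_b = {gid: name for name, gid in b.items()}
    id_reuse = {g: (by_id_a[g], by_id_b[g])
                for g in sorted(by_id_a.keys() & by_id_b.keys())
                if by_id_a[g] != by_id_b[g]}
    return name_mismatch, id_reuse


if __name__ == "__main__":
    names, ids = compare(FIRST, SECOND)
    for name, (x, y) in names.items():
        print(f"gid differs  {name}: {x} vs {y}")
    for gid, (x, y) in ids.items():
        print(f"gid {gid} is '{x}' on one DC and '{y}' on the other")
```

In practice the two strings would come from running `id administrator` on each DC after the idmap.ldb copy; an empty result from both dictionaries means the mappings agree.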