[Samba] Cannot chown file to active directory user/group on member server

Rowland Penny rowlandpenny241155 at gmail.com
Sat Nov 7 16:19:52 UTC 2015


On 07/11/15 16:02, Krutskikh Ivan wrote:
> Hi,
>
> I need to change ownership of server files to user/group defined in active
> directory ( using rfc2307 and unix attributes). Chown returns no error, but
> 'ls -lia' shows that file ownership is unchanged. What am I doing wrong?
>
> archive-test:/archive/video # ls -lia ./test.mp4
> 17121 -rw-r--r-- 1 root root 2413096 ноя  2 19:50 ./test.mp4
> archive-test:/archive/video # wbinfo -u
> administrator
> xviewsion
> videoadm
> viewer1
> krbtgt
> newadm
> guest
> test
> new
> archive-test:/archive/video # wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> video admins
> dnsadmins
> videotest
> video
> archive-test:/archive/video # chown xviewsion ./test.mp4
> archive-test:/archive/video # ls -lia ./test.mp4
> 17121 -rw-r--r-- 1 root root 2413096 ноя  2 19:50 ./test.mp4
>
>
> I think that something is wrong with uid/gid mapping:
>
> archive-test:/archive/video # getent passwd
> root:x:0:0:root:/root:/bin/bash
> bin:x:1:1:bin:/bin:/bin/bash
> daemon:x:2:2:Daemon:/sbin:/bin/bash
> lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
> mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
> news:x:9:13:News  system:/etc/news:/bin/bash
> uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
> games:x:12:100:Games account:/var/games:/bin/bash
> man:x:13:62:Manual  pages viewer:/var/cache/man:/bin/bash
> wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
> ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
> nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
> messagebus:x:499:497:User for D-Bus:/run/dbus:/bin/false
> postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
> rpc:x:498:65534:user for rpcbind:/var/lib/empty:/sbin/nologin
> sshd:x:497:496:SSH daemon:/var/lib/sshd:/bin/false
> statd:x:496:65534:NFS statd daemon:/var/lib/nfs:/sbin/nologin
> polkitd:x:495:495:User for polkitd:/var/lib/polkit:/sbin/nologin
> usrsokrat:x:1000:100::/home/usrsokrat:/bin/bash
> qemu:x:494:493:qemu user:/:/sbin/nologin
> tftp:x:493:492:TFTP account:/srv/tftpboot:/bin/false
> dnsmasq:x:492:65534:dnsmasq:/var/lib/empty:/bin/false
> avahi:x:491:491:User for Avahi:/run/avahi-daemon:/bin/false
> radvd:x:490:2:Router ADVertisement Daemon for:/var/lib/empty:/bin/false
> lxdm:x:489:488:LXDE Display Manager daemon:/var/lib/lxdm:/bin/false
> avahi-autoipd:x:488:487:User for Avahi IPv4LL:/var/lib/avahi-autoipd:/bin/false
> at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
> nscd:x:487:486:User for nscd:/run/nscd:/sbin/nologin
> ntp:x:74:485:NTP daemon:/var/lib/ntp:/bin/false
> mysql:x:60:484:MySQL database admin:/var/lib/mysql:/bin/false
> nginx:x:486:483:user for nginx:/var/lib/nginx:/bin/false
> zabbix:x:485:482:Zabbix Agent Daemon:/var/lib/zabbix:/bin/false
> privoxy:x:484:481:Daemon user for privoxy:/var/lib/privoxy:/bin/false
> vscan:x:65:480:Vscan account:/var/spool/amavis:/bin/false
> lightdm:x:483:478:LightDM daemon:/var/lib/lightdm:/bin/false
> kdm:x:482:477:KDM Display Manager daemon:/var:/bin/false
> drweb:x:100:1000:Dr.Web system account:/var/opt/drweb.com:/bin/false
> asurkov:x:11114:100::/home/asurkov:/bin/bash
> administrator:*:4294967295:4294967295:Administrator:/home/Administrator:/bin/bash
> xviewsion:*:4294967295:4294967295:xviewsion:/home/xviewsion:/bin/sh
> videoadm:*:4294967295:4294967295:videoadm:/home/videoadm:/bin/sh
> viewer1:*:4294967295:4294967295:Viewer1:/home/TSNR/viewer1:/bin/bash
> krbtgt:*:4294967295:4294967295:krbtgt:/home/TSNR/krbtgt:/bin/bash
> newadm:*:4294967295:4294967295:newadm:/home/TSNR/newadm:/bin/bash
> guest:*:4294967295:4294967295:Guest:/home/TSNR/guest:/bin/bash
> test:*:4294967295:4294967295:test:/home/test:/bin/sh
> new:*:4294967295:4294967295:new:/home/new:/bin/sh
>
>

Can you provide a bit more info:
What distro are you using?
What version of samba?
What is your smb.conf?
Is this on a DC or a Domain Member?
Are you using sssd?
Do your users have a uidNumber?
Does the Domain Users group have a gidNumber?

And most importantly, why does every domain user and group have the ID 
number of 4294967295? Perhaps if you supply the above, we may be able 
to work this out.

Rowland
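
Added example, not part of the original thread: 4294967295 is 2^32 - 1, i.e. (uid_t)-1, the value chown(2) treats as "leave this ID unchanged", which is consistent with the silent no-op in the quoted session. The check below flags passwd- or group-format entries carrying that ID; the names `find_unmapped` and `sample_passwd` are hypothetical and the sample lines are constructed in the format shown in the thread.

```shell
#!/bin/sh
# Added example: flag NSS passwd/group entries whose numeric ID is the
# (uid_t)-1 / (gid_t)-1 sentinel, i.e. accounts with no usable ID mapping.

UNMAPPED_ID=4294967295   # 2^32 - 1

# find_unmapped: read passwd- or group-format lines on stdin and print
# "name field=value" for each sentinel ID. Exit status is 1 if any was found.
find_unmapped() {
    awk -F: -v bad="$UNMAPPED_ID" '
        NF >= 7 {   # passwd: name:pw:uid:gid:gecos:home:shell
            if ($3 == bad) { print $1 " uid=" $3; hit = 1 }
            if ($4 == bad) { print $1 " gid=" $4; hit = 1 }
            next
        }
        NF == 4 {   # group: name:pw:gid:members
            if ($3 == bad) { print $1 " gid=" $3; hit = 1 }
        }
        END { exit hit ? 1 : 0 }
    '
}

# Constructed sample in getent passwd format.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
asurkov:x:11114:100::/home/asurkov:/bin/bash
xviewsion:*:4294967295:4294967295:xviewsion:/home/xviewsion:/bin/sh
EOF
}

# Demo on the constructed sample; on a live host use:
#   getent passwd | find_unmapped
#   getent group  | find_unmapped
sample_passwd | find_unmapped || echo "unmapped IDs found"
```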

