[Samba] losing AD user & group information
Mike Rambo
mrambo at lsd.k12.mi.us
Thu May 6 08:32:04 MDT 2010
Hello,
A few weeks ago we started joining some remote servers to our AD domain
as member servers. Several times now we have come back to them and found
ownership information missing, with numeric IDs shown in place of user
and group names, like the following.
[root@franks-dc1 opt]# ll
total 72
drwxrws---+ 3 14505 10013 4096 Nov 28 2006 appinstalls
drwxrws---+ 2 14505 10010 4096 Aug 3 2004 bldgshrs
drwxrwsr-x+ 2 14505 10011 4096 Aug 3 2004 lessons
drwx------ 2 root root 16384 Jul 8 2004 lost+found
drwxrwsr-x+ 3 14505 10013 4096 Feb 27 2009 netapps
drwxrwsr-x+ 3 14505 10013 4096 Mar 25 08:53 netlogon
drwxrwsr-x+ 4 14505 10013 4096 Aug 2 2007 printers
drwsrwsrwx+ 5 nobody 10005 4096 Apr 20 10:39 public
They should be like:
[root@franks-dc1 home]# ll /opt
total 72
drwxrws---+ 3 LPSD+cisitadmin LPSD+enterprise admins 4096 Nov 28 2006
appinstalls
drwxrws---+ 2 LPSD+cisitadmin LPSD+franks-staff 4096 Aug 3 2004
bldgshrs
drwxrwsr-x+ 2 LPSD+cisitadmin LPSD+franks-teachers 4096 Aug 3 2004
lessons
drwx------ 2 root root 16384 Jul 8 2004
lost+found
drwxrwsr-x+ 3 LPSD+cisitadmin LPSD+enterprise admins 4096 Feb 27 2009
netapps
drwxrwsr-x+ 3 LPSD+cisitadmin LPSD+enterprise admins 4096 Mar 25 08:53
netlogon
drwxrwsr-x+ 4 LPSD+cisitadmin LPSD+enterprise admins 4096 Aug 2 2007
printers
drwsrwsrwx+ 5 nobody LPSD+domain users 4096 Apr 20 10:39
public
This problem is affecting ACLs too: the named default entries below show
numeric IDs (14505, 10013) instead of user and group names.
[root@franks-dc1 home]# getfacl /opt/appinstalls/
getfacl: Removing leading '/' from absolute path names
# file: opt/appinstalls
# owner: LPSD+cisitadmin
# group: LPSD+enterprise\040admins
user::rwx
group::rwx
other::---
default:user::rwx
default:user:14505:rwx
default:group::---
default:group:10013:rwx
default:mask::rwx
default:other::---
I assume this must have something to do with idmap & winbind but does
anyone know more about why this is happening and what to do about it?
Thanks.
our smb.conf
# Global settings for FRANKS-DC1, described in the post as a member server
# joined to the AD domain. smb.conf comments must be on their own lines.
[global]
workgroup = LPSD
netbios name = FRANKS-DC1
realm = LPSD.LOCAL
# Descriptive text only. NOTE(review): still says "PDC" although
# security = ADS is set below; presumably left over from an earlier role.
server string = Samba PDC %v
printcap name = CUPS
load printers = yes
printing = cups
printcap = cups
# One log file per connecting machine (%m).
log file = /var/log/samba/log.%m
# NOTE(review): level 1 records little about identity lookups; raising it
# temporarily while names fail to resolve would give more to work with.
log level = 1
max log size = 100
# Domain-member mode against Active Directory; user and group names for
# domain accounts presumably come from winbindd, so they depend on it
# running and being able to reach a domain controller.
security = ADS
syslog = 0
# SSL is turned off for Samba's LDAP connections.
# NOTE(review): confirm this is acceptable on the links these remote
# servers use to reach the directory.
ldap ssl = no
template shell = /bin/bash
# Domain and account name are joined with '+', which is why resolved names
# appear as LPSD+cisitadmin in the listings.
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
enable privileges = yes
# Only accounts from the joined domain are accepted, not trusted domains.
allow trusted domains = No
# RID-based mapping for domain LPSD over 500-500000000, written in the
# single-line backend form.
# NOTE(review): Samba releases that configure this per domain with
# "idmap config LPSD : backend = rid" and "idmap config LPSD : range = ..."
# may not apply this line; check smb.conf(5) for the installed version.
# NOTE(review): the range starts at 500, which some distributions also use
# for local accounts. Verify there is no overlap: a shared uid/gid would
# give a local account the file access of a domain account, or vice versa.
# NOTE(review): the listings show gid 10005 for LPSD+domain users; it is
# worth checking that this is what a RID mapping over this range yields,
# since a mismatch would point to IDs assigned by another backend or host.
idmap backend = idmap_rid:LPSD=500-500000000
idmap uid = 500-500000000
idmap gid = 500-500000000
winbind nested groups = Yes
# Local password database settings.
# NOTE(review): presumably carried over from a non-member configuration;
# confirm they are still wanted with security = ADS.
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
passdb backend = tdbsam
# Client-supplied user names are rewritten according to this file.
# NOTE(review): review its contents; any entry that maps a name to root or
# another privileged account changes who the session runs as.
username map = /etc/samba/smbusers
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
deadtime = 5
# Browse-master election and WINS server settings.
# NOTE(review): confirm these are intended for a member server at a remote
# site rather than inherited from the "PDC" configuration.
os level = 63
preferred master = yes
# Both logon parameters are deliberately left empty.
logon home =
logon path =
wins support = yes
dns proxy = no
# Per-user home directory shares, hidden from browse lists.
[homes]
comment = Home Directories
browseable = no
writable = yes
# New files and directories keep at most owner and group bits (no "other").
create mask = 0770
directory mask = 0770
# Windows ACL editing is mapped onto Unix permissions/ACLs, so entries are
# stored against the uid/gid that the idmap settings produce.
nt acl support = yes
# Print spool share; guests are refused and only domain users may connect.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
nt acl support = yes
printable = yes
# Members of these groups perform all file operations on this share as
# root, regardless of file permissions. Keep the membership small.
admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
# Group names here are resolved through winbind; if resolution fails the
# lists cannot match anyone. NOTE(review): confirm behaviour during the
# periods when names show as numeric IDs.
valid users = @"LPSD+domain users"
write list = @"LPSD+domain users"
# Printer driver download area served from /opt/printers.
[print$]
comment = Printer Driver Download Area
path = /opt/printers
browseable = no
# NOTE(review): guest access is enabled while valid users below limits the
# share to domain users; confirm which of the two is intended.
guest ok = yes
# Read-only by default; only the write list below may modify content.
read only = yes
nt acl support = yes
# Members of these groups perform all file operations on this share as
# root, regardless of file permissions.
admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
valid users = @"LPSD+domain users"
# Writers include the local root account and local group adm in addition
# to the domain groups. Whoever can write here controls the driver files
# that clients download, so keep this list tight.
write list = @"LPSD+enterprise admins", @LPSD+technicians, root, @adm
# General-purpose writable share on /opt/public.
[Public]
comment = Public Stuff
path = /opt/public
# "public" is a synonym for "guest ok", so guest access is requested twice.
# NOTE(review): valid users below restricts the share to domain users;
# confirm whether unauthenticated guests are really meant to get in.
public = yes
guest ok = yes
writable = yes
# No permission bits are masked off, so files and directories can be
# created world-readable and world-writable.
create mask = 0777
directory mask = 0777
# Clients editing permissions through the Windows security dialog may
# change every bit on directories, and no bits are forced on.
force security mode = 0
directory security mask = 0777
force directory security mode = 0
browseable = yes
printable = no
nt acl support = yes
# Members of these groups perform all file operations on this share as
# root, regardless of file permissions.
admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
valid users = @"LPSD+domain users"
write list = @"LPSD+domain users"
# Application share on /opt/netapps, writable by all domain users.
[NetApps]
path = /opt/netapps
comment = Applications Folder
# No permission bits are masked off on create.
# NOTE(review): for a share that holds programs other users run,
# world-writable files let any writer replace them; confirm this is wanted.
create mask = 0777
directory mask = 0777
# Clients may change every directory permission bit via the Windows
# security dialog, and no bits are forced on.
force security mode = 0
directory security mask = 0777
force directory security mode = 0
writable = yes
printable = no
nt acl support = yes
# Members of these groups perform all file operations on this share as
# root, regardless of file permissions.
admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
valid users = @"LPSD+domain users"
write list = @"LPSD+domain users"
# Teacher lessons share on /opt/lessons: read-only for students, writable
# for staff groups.
# NOTE(review): the opening '[' of the section header is missing in this
# copy. If the live file reads the same, this is not a valid section header
# and the parameters below would not define their own share.
Lessons]
path = /opt/lessons
comment = Teacher Lessons
# No permission bits are masked off on create.
create mask = 0777
directory mask = 0777
# Clients may change every directory permission bit via the Windows
# security dialog, and no bits are forced on.
force security mode = 0
directory security mask = 0777
force directory security mode = 0
# Read-only by default; the write list below grants write access.
read only = yes
printable = no
nt acl support = yes
acl map full control = yes
# Members of these groups perform all file operations on this share as
# root, regardless of file permissions.
admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
# NOTE(review): the two lists below run over several lines without a
# trailing backslash, presumably wrapped by the mail client. In the live
# file each list must be one logical line or use backslash continuation,
# otherwise the trailing groups are not part of the list.
valid users = @LPSD+franks-students, @LPSD+franks-teachers,
@LPSD+franks-staff, @"LPSD+Enterprise Admins", @LPSD+technicians,
@LPSD+netmgrs
write list = @LPSD+franks-teachers, @LPSD+franks-staff,
@"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs
# Students are held to read-only access.
read list = @LPSD+franks-students
# Building share on /opt/bldgshrs for teacher, staff and admin groups.
[Bldgshare]
path = /opt/bldgshrs
comment = Building share
# No permission bits are masked off on create.
create mask = 0777
directory mask = 0777
# Clients may change every directory permission bit via the Windows
# security dialog, and no bits are forced on.
force security mode = 0
directory security mask = 0777
force directory security mode = 0
# Read-only by default; the write list below grants write access.
read only = yes
printable = no
nt acl support = yes
# Members of these groups perform all file operations on this share as
# root, regardless of file permissions.
admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
# NOTE(review): both lists below continue onto a second line without a
# trailing backslash, presumably wrapped by the mail client. In the live
# file each list must be one logical line or use backslash continuation.
valid users = @LPSD+franks-teachers, @LPSD+franks-staff,
@"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs
write list = @LPSD+franks-teachers, @LPSD+franks-staff,
@"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs
# Application install share on /opt/appinstalls, limited to admin,
# technician and network-manager groups.
[AppInstalls]
path = /opt/appinstalls
comment = network application install directory
# No permission bits are masked off on create.
# NOTE(review): installers stored world-writable can be replaced by any
# account with write access to the directory; confirm this is wanted.
create mask = 0777
directory mask = 0777
# Clients may change every directory permission bit via the Windows
# security dialog, and no bits are forced on.
force security mode = 0
directory security mask = 0777
force directory security mode = 0
# Read-only by default; the write list below grants write access.
read only = yes
printable = no
nt acl support = yes
# Members of these groups perform all file operations on this share as
# root, regardless of file permissions.
admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
# NOTE(review): the valid users list continues onto a second line without
# a trailing backslash, presumably wrapped by the mail client. In the live
# file it must be one logical line or use backslash continuation.
valid users = @"LPSD+Enterprise Admins", @LPSD+technicians,
@LPSD+netmgrs
write list = @"LPSD+Enterprise Admins", @LPSD+technicians
--
Mike Rambo
NOTE: In order to control energy costs the light at the end
of the tunnel has been shut off until further notice...