[Samba] gid collision
John Adams
mailinglists at belfin.ch
Tue Feb 5 04:59:14 MST 2013
Hi
A bit more than 24 hours later the group 'python\none' re-appeared.
wbinfo told me this about 'domain users' and 'python\none':
root at python:/var/run/samba# wbinfo -n 'PYTHON\none'
S-1-5-21-1142660729-3645412750-287447673-513 SID_DOM_GROUP (2)
This SID does not exist in AD.
root at python:/var/run/samba# wbinfo -n 'domain users'
S-1-5-21-3399354374-3828377523-3974166524-513 SID_DOM_GROUP (2)
This SID exists in AD.
Both SIDs are found in /var/run/samba/gencache.tdb.
How is gencache.tdb generated?
What happens if I try to erase this key in gencache.tdb?
key 59 bytes
IDMAP/SID2GID/S-1-5-21-1142660729-3645412750-287447673-513
data 16 bytes
[000] 20 20 31 33 36 30 30 34 35 39 37 33 2F 2D 31 00 136004 5973/-1
Thanks for any hints and pointers!
Best regards
Philipp
> Hi
>
> I switched in nsswitch.conf
>
> group: files winbind
> to
> group: winbind files
>
> and rebooted the box. PYTHON\none has dissapeared. getent group
> 'python\none' and wbinfo --group-info='python\none' haven't got any
> results anymore.
>
> It feels quite strange that by changing name resolution order behaviour
> like that dissapears. Is this a bug?
>
> Thanks,
> Philipp
>
>
>> Hi
>>
>> Setup is samba 3.6.3 on ubuntu 12.04.1, domain member server in a
>> Win2008R2 DC environment. Userauth is via kerberos.
>>
>> I have a gid collision I cannot find an answer for. Please see below.
>>
>> root at python:/home/DOMAIN/users# ls -la
>> drwxr-x--- 4 user1 PYTHON\none 136 Dez 7 09:42 user1
>> drwxr-x--- 2 user2 PYTHON\none 6 Jan 30 11:01 user2
>> drwxr-x--- 2 user3 PYTHON\none 6 Jan 30 11:13 user3
>>
>> root at python:/home/DOMAIN/users# getent group 'domain users'
>> domain users:x:100513:
>> root at python:/home/DOMAIN/users# getent group 'python\none'
>> PYTHON\none:x:100513:
>>
>> neither wbinfo -g nor getent group list any group named python\none.
>>
>> Has anybody got an explanation for python\none or how I get rid of it?
>>
>> Thanks
>> Philipp
>>
>>
>>
>> smb.conf:
>>
>> [global]
>> workgroup = DOMAIN
>> server string = Fileserver Samba Version %v
>> netbios name = python
>> security = ADS
>> realm = DOMAIN.LOCAL
>> kerberos method = secrets only
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind nss info = template
>> winbind use default domain = yes
>> winbind refresh tickets = true
>> winbind nested groups = yes
>> idmap config *:backend = rid
>> idmap config *:range = 100000-100000000
>> idmap config *:base_rid = 0
>> template shell = /usr/bin/nologin
>> template homedir = /home/%D/users/%U
>> obey pam restrictions = yes
>> allow trusted domains = no
>> client use spnego = yes
>> client signing = auto
>> preferred master = no
>> load printers = no
>> dos charset = 850
>> unix charset = UTF-8
>> display charset = UTF-8
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> IPTOS_LOWDELAY SO_KEEPALIVE
>> log file = /var/log/samba/log.%m
>> log level = 3
>> max log size = 50000
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list