[Samba] FW: [Bug 11241] different ids even when idmap.ldb copied. not a bug..

L.P.H. van Belle belle at bazuin.nl
Thu Apr 30 02:09:56 MDT 2015


(Sorry for mailing you directly, Bjorn, but please have a look.)

I still think this is a bug.. 

Why not a bug:
If I do assign a UID/GID to a user, then yes, this will work fine.
New users and groups, sure.. but now I'm talking about the default domain groups..

Why a bug:
User administrator and the domain groups are set by default by Samba,
and it's not consistent at all, which is needed for a replicated sysvol.
Yes, not supported by Samba, but I hope Samba is working on that, and then
this will be an issue also; better to fix it now, IMO.

Let me explain what I see..

administrator has uid 0.. 
wbinfo -i DOMAIN\\administrator
DOMAIN\Administrator:*:0:100::/home/DOMAIN/Administrator:/bin/false 
Administrator ... and not administrator..  

So now this is the result of my sysvol...
 ls -n
total 8
drwxrwx---+ 4 0 3000000 4096 Apr 28 13:32 internal.domain.tld
wbinfo --uid-info 0
administrator:*:0:100::/home/DOMAIN/administrator:/bin/false
administrator and not Administrator ? 

first 2 differences in usernames :  Administrator and administrator

wbinfo --uid-info 0
administrator:*:0:100::/home/DOMAIN/administrator:/bin/false
wbinfo -i DOMAIN\\administrator
DOMAIN\Administrator:*:0:100::/home/DOMAIN/Administrator:/bin/false

wbinfo -i DOMAIN\\Administrator
administrator:*:0:100::/home/BAZRTD/administrator:/bin/false
converted Administrator to administrator.

Look at the homedir.. capital A and no capital, so 2 different folders,
2 different users.
In total 3 users with uid 0 (root, administrator and Administrator).


in the sysvol/internal.domain.tld : 
ls -n
total 16
drwxrwx---+ 4 0 3000000 4096 Apr 28 13:32 Policies
drwxrwx---+ 2 0 3000000 4096 Apr 28 13:32 scripts

ls -l
total 8
drwxrwx---+ 4 root BUILTIN\administrators 4096 Apr 28 13:32 internal.domain.tld

wbinfo --group-info "BUILTIN\administrators"
BUILTIN\administrators:x:3000000:

for the Policies folder :  
Policies# ls -n
total 16
drwxrwx---+ 4 3000008 3000008 4096 Apr 28 13:32 {31B2F340-016D-11D2-945F-00C04FB984F9}
drwxrwx---+ 4 3000008 3000008 4096 Apr 28 13:32 {6AC1786C-016F-11D2-945F-00C04FB984F9}

wbinfo --uid-info 3000008
domain admins:*:3000008:3000008::/home/DOMAIN/domain admins:/bin/false

wbinfo --gid-info 3000008
domain admins:x:3000008:administrator

wbinfo --group-info "DOMAIN\domain admins"
domain admins:x:3000008:administrator

wbinfo --user-info "DOMAIN\domain admins"
domain admins:*:3000008:3000008::/home/BAZRTD/domain admins:/bin/false


getfacl \{31B2F340-016D-11D2-945F-00C04FB984F9\}/
# file: {31B2F340-016D-11D2-945F-00C04FB984F9}/
# owner: domain\040admins
# group: domain\040admins
user::rwx
group::rwx
group:3000002:rwx
group:3000003:r-x
group:enterprise\040admins:rwx
group:domain\040admins:rwx
group:3000010:r-x
mask::rwx
other::---
default:user::rwx
default:user:domain\040admins:rwx
default:group::---
default:group:3000002:rwx
default:group:3000003:r-x
default:group:enterprise\040admins:rwx
default:group:domain\040admins:rwx
default:group:3000010:r-x
default:mask::rwx
default:other::---

The user owner is the group? How can the user owner be a group?
Is this allowed? This I really don't know.

so i have "user" : "domain admins"
and i have group : "domain admins"

Documentation is lacking here, or I really can't find it..

Does anyone have any comment on this?



Greetz, 

Louis




>-----Original message-----
>From: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org]
>On behalf of L.P.H. van Belle
>Sent: Thursday 30 April 2015 8:10
>To: samba at lists.samba.org
>Subject: [Samba] FW: [Bug 11241] different ids even when
>idmap.ldb copied. not a bug..
>
>Please read the reported bug and Bjorn's answer.. which does not
>help any toward a solution or fix, or explanation.
>But the big question now is, does someone somewhere know what
>Bjorn is talking about.
>
>I did search for "gencache" but no go here..
>just from old documentation.
>https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html 
>gencache.tdb  Generic caching database. 
>
>
>Greetz, 
>
>Louis
>
>
>-----Original message-----
>From: samba-bugs at samba.org [mailto:samba-bugs at samba.org]
>Sent: Wednesday 29 April 2015 17:51
>To: L.P.H. van Belle
>Subject: [Bug 11241] different ids even when idmap.ldb copied.
>
>https://bugzilla.samba.org/show_bug.cgi?id=11241
>
>Björn Jacke <bj at sernet.de> changed:
>
>           What    |Removed                     |Added
>----------------------------------------------------------------------------
>         Resolution|---                         |INVALID
>             Status|NEW                         |RESOLVED
>
>--- Comment #1 from Björn Jacke <bj at sernet.de> ---
>this is not a supported thing to do, so this is not a valid bug. winbindd has a
>different way of caching (investigate gencache for example) entries and this is
>probably what makes that hack stop working for you with winbindd.
>
>-- 
>You are receiving this mail because:
>You reported the bug.
>
>REPORTED BUG.. 
>
>Louis     2015-04-29 08:51:03 UTC  
>Hi. Getting the same ids on 2 DCs does not work anymore on Samba 4.2.1
>with in smb.conf
>server services = -dns +winbindd -winbind
>If I set it to
>server services = -dns -winbindd +winbind
>it does work again.
>
>With 4.1.17 the solution was simple.. we stopped samba on both servers.
>scp /var/lib/samba/private/idmap.ldb root@192.168.0.2:/var/lib/samba/private/
>started samba on both servers and
>id administrator gave the same ids for all groups.
>
>Now on 4.2.1
>DC1:  id administrator
>uid=0(root) gid=100(users) groups=0(root),100(users),
>3000004(group policy creator owners),
>3000006(enterprise admins),
>3000008(domain admins),
>3000007(schema admins),
>3000005(denied rodc password replication group),
>3000009(BUILTIN\users),
>3000000(BUILTIN\administrators)
>
>id administrator
>uid=0(root) gid=100(users) groups=0(root),100(users),
>3000011(group policy creator owners),
>3000010(enterprise admins),
>3000007(domain admins),
>3000009(schema admins),
>3000008(denied rodc password replication group),
>3000001(BUILTIN\users),
>3000000(BUILTIN\administrators)
>
>
>
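
An added example, not part of the original message or of Samba: a small Python check that parses the two `id administrator` listings from the quoted bug report and reports which groups have different gids and which gids name different groups, the case that matters when sysvol ACLs carrying numeric ids are copied between DCs. The report labels only the first listing "DC1"; treating the second as the other DC is an assumption.

```python
import re

# Listings copied from the bug report quoted above. Only the first is labelled
# "DC1" there; naming the second DC2 is an assumption of this example.
DC1 = r"""uid=0(root) gid=100(users) groups=0(root),100(users),
3000004(group policy creator owners),
3000006(enterprise admins),
3000008(domain admins),
3000007(schema admins),
3000005(denied rodc password replication group),
3000009(BUILTIN\users),
3000000(BUILTIN\administrators)"""

DC2 = r"""uid=0(root) gid=100(users) groups=0(root),100(users),
3000011(group policy creator owners),
3000010(enterprise admins),
3000007(domain admins),
3000009(schema admins),
3000008(denied rodc password replication group),
3000001(BUILTIN\users),
3000000(BUILTIN\administrators)"""

ENTRY = re.compile(r"(\d+)\(([^)]*)\)")  # matches "3000008(domain admins)"

def parse_groups(id_output):
    """Return {lower-cased group name: gid} from the groups= field of `id`."""
    groups = id_output.split("groups=", 1)[1]
    return {name.lower(): int(gid) for gid, name in ENTRY.findall(groups)}

def compare(a, b):
    """Return (groups whose gid differs, gids that name different groups)."""
    moved = {n: (a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n]}
    by_gid_a = {g: n for n, g in a.items()}
    by_gid_b = {g: n for n, g in b.items()}
    reused = {g: (by_gid_a[g], by_gid_b[g])
              for g in by_gid_a.keys() & by_gid_b.keys()
              if by_gid_a[g] != by_gid_b[g]}
    return moved, reused

if __name__ == "__main__":
    moved, reused = compare(parse_groups(DC1), parse_groups(DC2))
    for name, (x, y) in sorted(moved.items()):
        print(f"{name}: gid {x} on DC1, {y} on DC2")
    for gid, (x, y) in sorted(reused.items()):
        print(f"gid {gid}: '{x}' on DC1 but '{y}' on DC2")
```

The second result is the one to watch: a POSIX ACL entry stored as a number on one DC resolves to whatever group holds that number on the other.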


