[Samba] Samba4 DC/AD documents created in redirected folders with bogus UID

Rowland Penny rowlandpenny241155 at gmail.com
Thu Aug 20 14:56:15 UTC 2015


On 20/08/15 15:24, Mark Foley wrote:
> Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
>
>> I just noticed that my fresh install of Samba 4.2.3 has the same behaviour.
> Did you get a solution?
>
> Odd, but this topic doesn't seem to be getting much traction.  I wonder what
> people are using Samba4 for.  Outside of hard-cord samba-junkies who love
> spending hours testing all kinds of esoteric features, I think most serious
> Samba4 AD/DC users are like me: small office, single domain with a dozen-ish
> Windows workstations.  We don't have forests and trees scattered all over the
> planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
> Authenticated login so users can log into any workstation, and redirected
> folders so users' desktops follow them to any workstation.
>
> Those are the fundamentals. Other than Windows Authentication and redirected
> folders, I don't really see the point of Active Directory.
>
> Therefore, for what I consider to be core, real-world Samba4 usage, this problem
> of users' files getting created with the wrong UID seems to a top-priority bug.
>
> Any suggestions? Something in smb.conf, nsswitch.conf? A setting in RSAT?
>
> --Mark
>
> -----Original Message-----
>> Date: Wed, 19 Aug 2015 14:31:33 -0300
>> From: Guilherme Boing <kolt+samba at frag.com.br>
>> Cc: samba <samba at lists.samba.org>
>> Subject: Re: [Samba] Samba4 DC/AD documents created in redirected folders  with bogus UID
>>
>> I just noticed that my fresh install of Samba 4.2.3 has the same behaviour.
>>
>> I have a share (\\samba\it_share)) and some users when creating files have
>> the UID as 3000000 and some have their correct UIDs.
>> Share permissons are being controlled by Windows ACLs.
>>
>> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley <mfoley at novatec-inc.com> wrote:
>>
>>> More information,
>>>
>>> It appears I've had this issue since installing Samba 4.1.0 about 6 months
>>> ago.
>>> When I add a domain user, the DC resisdent redirected folder gets
>>> synchronized
>>> with the user's desktop with the correct UID.
>>>
>>> For some users, but not all, new "My Documents" get created with UID
>>> 3000000 on
>>> the DC, not the user's correct ID as shown by wbinfo.  I haven't been able
>>> to
>>> see a configuration difference between users who are able to create the
>>> files
>>> with the correct UID and those not.
>>>
>>> I need to figure this out soon. Otherwise, the users get error messages
>>> like
>>> "Protected View. This file came from the Internet ..." when trying to open
>>> files
>>> originally sync'd with the correct UID.
>>>
>>> --Mark
>>>
>>> -----Original Message-----
>>>> From: Mark Foley <mfoley at novatec-inc.com>
>>>> Date: Wed, 19 Aug 2015 01:14:03 -0400
>>>> To: samba at lists.samba.org
>>>>
>>>> My up-front apologies if this topic has been covered. This is my first
>>> time
>>>> using this list and I don't know how to search for existing topics yet
>>> ...
>>>> I installed Samba4 on Linux Slackware 64 version 14.1 about 6 months
>>> ago. I set
>>>> up redirected folders for the Windows 7 Workstation users. All worked
>>> fine until
>>>> recently. Now, when several of the users create documents and folders on
>>> their
>>>> "Desktop" (redirected to the DC) they are being created with UID
>>> 3000000, which
>>>> is not a configured UID. For example:
>>>>
>>>> $ ls -ltrn "/redirectedFolders/Users/matkeson/My Documents"
>>>> -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17 Accounts\
>>> 7-1-2015.docx*
>>>> drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27 Correspondence/
>>>> -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04 testMark.docx*
>>>>
>>>> This user's actual UID is 3000045, as created months ago via Windows
>>> RSAT.
>>>> Confirmed by:
>>>>
>>>> $ wbinfo -i matkeson
>>>> HPRS\matkeson:*:3000045:100:Mark Atkeson:/home/HPRS/matkeson:/bin/false
>>>>
>>>> I did recently upgrade Samba from the originally installed 4.1.0 to
>>> 4.1.17 a
>>>> couple of weeks ago, but I can't really confirm that is when the problem
>>> started
>>>> showing up.  I find files with this 3000000 UID on backups before the
>>> upgrade (I
>>>> think).
>>>>
>>>> This does not affect all users. I find 3 for sure it happens to and 3
>>> for sure
>>>> it does not happen to.
>>>>
>>>> I do have "idmap_ldb:use rfc2307 = yes" set in smb.conf
>>>>
>>>> THX
>>>>

Are you sure this is a Samba problem ? '3000000' is the UID/GID (yes it 
is both) for 'S-1-5-32-544' which is the Administrators group. Are the 
problem users also members of the Administrators group? As far as I am 
aware there is nothing in Samba that sets the permissions of a share 
(apart from Sysvol and this is a special case), you have to set the 
ownership etc somewhere, from the windows security tab for instance, or 
directly on the share dir on the Samba server. I would check the windows 
machines, you may find that the problem lies there.

Rowland




More information about the samba mailing list