[Samba] Samba4 DC/AD documents created in redirected folders with bogus UID
L.P.H. van Belle
belle at bazuin.nl
Thu Aug 20 14:56:28 UTC 2015
>Those are the fundamentals. Other than Windows Authentication
>and redirected
>folders, I don't really see the point of Active Directory.
I use Active Directory Group policies for:
settings in windows
folder redirects
printer distribution base on user or group..
software installations base on user or group..
and Single Sign On for multple systems, windows and linux.
a nice to know a cryptovirus protection set in group policies.
( works agains most malware )
So lets have al look for you,
post your :
smb.conf
nsswitch.conf
idmap.conf ( if you have it, depends on what your doing and using )
id Administrator
id anyuser (no admin, with uid/gid )
getent passwd
getent group
getent group "Domain Users"
getent group "Domain Admins"
wbinfo -u
wbinfo -g
wbinfo -p
wbinfo -t
cat /etc/pam.d/common-password
from here we have a starter to help out.
( out of office in 5 min, i have a look tomorrow )
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mark Foley
>Verzonden: donderdag 20 augustus 2015 16:24
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Samba4 DC/AD documents created in
>redirected folders with bogus UID
>
>Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
>
>> I just noticed that my fresh install of Samba 4.2.3 has the
>same behaviour.
>
>Did you get a solution?
>
>Odd, but this topic doesn't seem to be getting much traction.
>I wonder what
>people are using Samba4 for. Outside of hard-cord
>samba-junkies who love
>spending hours testing all kinds of esoteric features, I think
>most serious
>Samba4 AD/DC users are like me: small office, single domain
>with a dozen-ish
>Windows workstations. We don't have forests and trees
>scattered all over the
>planet. For us, AD/DC is used for: DNS, DHCP, mail server, Windows
>Authenticated login so users can log into any workstation, and
>redirected
>folders so users' desktops follow them to any workstation.
>
>Those are the fundamentals. Other than Windows Authentication
>and redirected
>folders, I don't really see the point of Active Directory.
>
>Therefore, for what I consider to be core, real-world Samba4
>usage, this problem
>of users' files getting created with the wrong UID seems to a
>top-priority bug.
>
>Any suggestions? Something in smb.conf, nsswitch.conf? A
>setting in RSAT?
>
>--Mark
>
>-----Original Message-----
>> Date: Wed, 19 Aug 2015 14:31:33 -0300
>> From: Guilherme Boing <kolt+samba at frag.com.br>
>> Cc: samba <samba at lists.samba.org>
>> Subject: Re: [Samba] Samba4 DC/AD documents created in
>redirected folders with bogus UID
>>
>> I just noticed that my fresh install of Samba 4.2.3 has the
>same behaviour.
>>
>> I have a share (\\samba\it_share)) and some users when
>creating files have
>> the UID as 3000000 and some have their correct UIDs.
>> Share permissons are being controlled by Windows ACLs.
>>
>> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley
><mfoley at novatec-inc.com> wrote:
>>
>>> More information,
>>>
>>> It appears I've had this issue since installing Samba 4.1.0
>about 6 months
>>> ago.
>>> When I add a domain user, the DC resisdent redirected folder gets
>>> synchronized
>>> with the user's desktop with the correct UID.
>>>
>>> For some users, but not all, new "My Documents" get created with UID
>>> 3000000 on
>>> the DC, not the user's correct ID as shown by wbinfo. I
>haven't been able
>>> to
>>> see a configuration difference between users who are able
>to create the
>>> files
>>> with the correct UID and those not.
>>>
>>> I need to figure this out soon. Otherwise, the users get
>error messages
>>> like
>>> "Protected View. This file came from the Internet ..." when
>trying to open
>>> files
>>> originally sync'd with the correct UID.
>>>
>>> --Mark
>>>
>>> -----Original Message-----
>>> > From: Mark Foley <mfoley at novatec-inc.com>
>>> > Date: Wed, 19 Aug 2015 01:14:03 -0400
>>> > To: samba at lists.samba.org
>>> >
>>> > My up-front apologies if this topic has been covered.
>This is my first
>>> time
>>> > using this list and I don't know how to search for
>existing topics yet
>>> ...
>>> >
>>> > I installed Samba4 on Linux Slackware 64 version 14.1
>about 6 months
>>> ago. I set
>>> > up redirected folders for the Windows 7 Workstation
>users. All worked
>>> fine until
>>> > recently. Now, when several of the users create documents
>and folders on
>>> their
>>> > "Desktop" (redirected to the DC) they are being created with UID
>>> 3000000, which
>>> > is not a configured UID. For example:
>>> >
>>> > $ ls -ltrn "/redirectedFolders/Users/matkeson/My Documents"
>>> > -rwxrwx---+ 1 3000045 100 27648 2015-07-30 07:17 Accounts\
>>> 7-1-2015.docx*
>>> > drwxrwx---+ 2 3000045 100 4096 2015-08-11 09:27 Correspondence/
>>> > -rwxrwx---+ 1 3000000 100 11423 2015-08-18 11:04 testMark.docx*
>>> >
>>> > This user's actual UID is 3000045, as created months ago
>via Windows
>>> RSAT.
>>> > Confirmed by:
>>> >
>>> > $ wbinfo -i matkeson
>>> > HPRS\matkeson:*:3000045:100:Mark
>Atkeson:/home/HPRS/matkeson:/bin/false
>>> >
>>> > I did recently upgrade Samba from the originally
>installed 4.1.0 to
>>> 4.1.17 a
>>> > couple of weeks ago, but I can't really confirm that is
>when the problem
>>> started
>>> > showing up. I find files with this 3000000 UID on
>backups before the
>>> upgrade (I
>>> > think).
>>> >
>>> > This does not affect all users. I find 3 for sure it
>happens to and 3
>>> for sure
>>> > it does not happen to.
>>> >
>>> > I do have "idmap_ldb:use rfc2307 = yes" set in smb.conf
>>> >
>>> > THX
>>> >
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list