[Samba] Samba4 DC/AD documents created in redirected folders with bogus UID

Guilherme Boing kolt+samba at frag.com.br
Thu Aug 20 17:26:38 UTC 2015 

Yes, you are correct.

The users where the UID 3000000 was the owner were users that belong to
Domain Admins group.
Is this the correct behaviour ? I have other users that are in different
groups (e.g. Marketing) and whenever they create a new file, their own UID
shows up as the owner of that file, not the "Marketing" group.

This only happens with Domain Admins ?

Thanks.

On Thu, Aug 20, 2015 at 12:04 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:

>
>
> >-----Oorspronkelijk bericht-----
> >Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
> >Verzonden: donderdag 20 augustus 2015 16:56
> >Aan: samba at lists.samba.org
> >Onderwerp: Re: [Samba] Samba4 DC/AD documents created in
> >redirected folders with bogus UID
> >
> >On 20/08/15 15:24, Mark Foley wrote:
> >> Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
> >>
> >>> I just noticed that my fresh install of Samba 4.2.3 has the
> >same behaviour.
> >> Did you get a solution?
> >>
> >> Odd, but this topic doesn't seem to be getting much
> >traction.  I wonder what
> >> people are using Samba4 for.  Outside of hard-cord
> >samba-junkies who love
> >> spending hours testing all kinds of esoteric features, I
> >think most serious
> >> Samba4 AD/DC users are like me: small office, single domain
> >with a dozen-ish
> >> Windows workstations.  We don't have forests and trees
> >scattered all over the
> >> planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
> >> Authenticated login so users can log into any workstation,
> >and redirected
> >> folders so users' desktops follow them to any workstation.
> >>
> >> Those are the fundamentals. Other than Windows
> >Authentication and redirected
> >> folders, I don't really see the point of Active Directory.
> >>
> >> Therefore, for what I consider to be core, real-world Samba4
> >usage, this problem
> >> of users' files getting created with the wrong UID seems to
> >a top-priority bug.
> >>
> >> Any suggestions? Something in smb.conf, nsswitch.conf? A
> >setting in RSAT?
> >>
> >> --Mark
> >>
> >> -----Original Message-----
> >>> Date: Wed, 19 Aug 2015 14:31:33 -0300
> >>> From: Guilherme Boing <kolt+samba at frag.com.br>
> >>> Cc: samba <samba at lists.samba.org>
> >>> Subject: Re: [Samba] Samba4 DC/AD documents created in
> >redirected folders  with bogus UID
> >>>
> >>> I just noticed that my fresh install of Samba 4.2.3 has the
> >same behaviour.
> >>>
> >>> I have a share (\\samba\it_share)) and some users when
> >creating files have
> >>> the UID as 3000000 and some have their correct UIDs.
> >>> Share permissons are being controlled by Windows ACLs.
> >>>
> >>> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley
> ><mfoley at novatec-inc.com> wrote:
> >>>
> >>>> More information,
> >>>>
> >>>> It appears I've had this issue since installing Samba
> >4.1.0 about 6 months
> >>>> ago.
> >>>> When I add a domain user, the DC resisdent redirected folder gets
> >>>> synchronized
> >>>> with the user's desktop with the correct UID.
> >>>>
> >>>> For some users, but not all, new "My Documents" get
> >created with UID
> >>>> 3000000 on
> >>>> the DC, not the user's correct ID as shown by wbinfo.  I
> >haven't been able
> >>>> to
> >>>> see a configuration difference between users who are able
> >to create the
> >>>> files
> >>>> with the correct UID and those not.
> >>>>
> >>>> I need to figure this out soon. Otherwise, the users get
> >error messages
> >>>> like
> >>>> "Protected View. This file came from the Internet ..."
> >when trying to open
> >>>> files
> >>>> originally sync'd with the correct UID.
> >>>>
> >>>> --Mark
> >>>>
> >>>> -----Original Message-----
> >>>>> From: Mark Foley <mfoley at novatec-inc.com>
> >>>>> Date: Wed, 19 Aug 2015 01:14:03 -0400
> >>>>> To: samba at lists.samba.org
> >>>>>
> >>>>> My up-front apologies if this topic has been covered.
> >This is my first
> >>>> time
> >>>>> using this list and I don't know how to search for
> >existing topics yet
> >>>> ...
> >>>>> I installed Samba4 on Linux Slackware 64 version 14.1
> >about 6 months
> >>>> ago. I set
> >>>>> up redirected folders for the Windows 7 Workstation
> >users. All worked
> >>>> fine until
> >>>>> recently. Now, when several of the users create documents
> >and folders on
> >>>> their
> >>>>> "Desktop" (redirected to the DC) they are being created with UID
> >>>> 3000000, which
> >>>>> is not a configured UID. For example:
> >>>>>
> >>>>> $ ls -ltrn "/redirectedFolders/Users/matkeson/My Documents"
> >>>>> -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17 Accounts\
> >>>> 7-1-2015.docx*
> >>>>> drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27 Correspondence/
> >>>>> -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04 testMark.docx*
> >>>>>
> >>>>> This user's actual UID is 3000045, as created months ago
> >via Windows
> >>>> RSAT.
> >>>>> Confirmed by:
> >>>>>
> >>>>> $ wbinfo -i matkeson
> >>>>> HPRS\matkeson:*:3000045:100:Mark
> >Atkeson:/home/HPRS/matkeson:/bin/false
> >>>>>
> >>>>> I did recently upgrade Samba from the originally
> >installed 4.1.0 to
> >>>> 4.1.17 a
> >>>>> couple of weeks ago, but I can't really confirm that is
> >when the problem
> >>>> started
> >>>>> showing up.  I find files with this 3000000 UID on
> >backups before the
> >>>> upgrade (I
> >>>>> think).
> >>>>>
> >>>>> This does not affect all users. I find 3 for sure it
> >happens to and 3
> >>>> for sure
> >>>>> it does not happen to.
> >>>>>
> >>>>> I do have "idmap_ldb:use rfc2307 = yes" set in smb.conf
> >>>>>
> >>>>> THX
> >>>>>
> >
> >Are you sure this is a Samba problem ? '3000000' is the
> >UID/GID (yes it
> >is both) for 'S-1-5-32-544' which is the Administrators group. Are the
> >problem users also members of the Administrators group? As far as I am
> >aware there is nothing in Samba that sets the permissions of a share
> >(apart from Sysvol and this is a special case), you have to set the
> >ownership etc somewhere, from the windows security tab for
> >instance, or
> >directly on the share dir on the Samba server. I would check
> >the windows
> >machines, you may find that the problem lies there.
> >
> >Rowland
> >
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
>
> Ah..
> If thats the case..
>
> I bet, the following, these 2 users... the speak of..
>
> one has "Domain Admins" as primary group
> the other "Domain Users" as primary group
>
> If that the case, set all user to "Domain Users" as primary group in the
> UNIX tab
>
> and NEVER work as Admin/Administrator, always as a user.
> If you for some reason are working as Admin/Administrator,
> then your doing something wrong, is it not needed, ever imo !
>
> and if your only using windows computer/users,
> set this in your shares :
> acl_xattr:ignore system acl = yes
> read the man smb.conf what it does.
>
>
> Greet,
>
> Louis
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list