[Samba] Samba4 DC/AD documents created in redirected folders with bogus UID

Rowland Penny rowlandpenny241155 at gmail.com
Thu Aug 20 18:05:09 UTC 2015 

On 20/08/15 18:26, Guilherme Boing wrote:
> Yes, you are correct.
>
> The users where the UID 3000000 was the owner were users that belong to
> Domain Admins group.
> Is this the correct behaviour ? I have other users that are in different
> groups (e.g. Marketing) and whenever they create a new file, their own UID
> shows up as the owner of that file, not the "Marketing" group.
>
> This only happens with Domain Admins ?

You could start here:

http://serverfault.com/questions/19311/file-ownership-for-new-files-with-administrator-why-is-it-giving-ownership-to

Rowland


>
> Thanks.
>
> On Thu, Aug 20, 2015 at 12:04 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:
>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>> Verzonden: donderdag 20 augustus 2015 16:56
>>> Aan: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] Samba4 DC/AD documents created in
>>> redirected folders with bogus UID
>>>
>>> On 20/08/15 15:24, Mark Foley wrote:
>>>> Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
>>>>
>>>>> I just noticed that my fresh install of Samba 4.2.3 has the
>>> same behaviour.
>>>> Did you get a solution?
>>>>
>>>> Odd, but this topic doesn't seem to be getting much
>>> traction.  I wonder what
>>>> people are using Samba4 for.  Outside of hard-cord
>>> samba-junkies who love
>>>> spending hours testing all kinds of esoteric features, I
>>> think most serious
>>>> Samba4 AD/DC users are like me: small office, single domain
>>> with a dozen-ish
>>>> Windows workstations.  We don't have forests and trees
>>> scattered all over the
>>>> planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
>>>> Authenticated login so users can log into any workstation,
>>> and redirected
>>>> folders so users' desktops follow them to any workstation.
>>>>
>>>> Those are the fundamentals. Other than Windows
>>> Authentication and redirected
>>>> folders, I don't really see the point of Active Directory.
>>>>
>>>> Therefore, for what I consider to be core, real-world Samba4
>>> usage, this problem
>>>> of users' files getting created with the wrong UID seems to
>>> a top-priority bug.
>>>> Any suggestions? Something in smb.conf, nsswitch.conf? A
>>> setting in RSAT?
>>>> --Mark
>>>>
>>>> -----Original Message-----
>>>>> Date: Wed, 19 Aug 2015 14:31:33 -0300
>>>>> From: Guilherme Boing <kolt+samba at frag.com.br>
>>>>> Cc: samba <samba at lists.samba.org>
>>>>> Subject: Re: [Samba] Samba4 DC/AD documents created in
>>> redirected folders  with bogus UID
>>>>> I just noticed that my fresh install of Samba 4.2.3 has the
>>> same behaviour.
>>>>> I have a share (\\samba\it_share)) and some users when
>>> creating files have
>>>>> the UID as 3000000 and some have their correct UIDs.
>>>>> Share permissons are being controlled by Windows ACLs.
>>>>>
>>>>> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley
>>> <mfoley at novatec-inc.com> wrote:
>>>>>> More information,
>>>>>>
>>>>>> It appears I've had this issue since installing Samba
>>> 4.1.0 about 6 months
>>>>>> ago.
>>>>>> When I add a domain user, the DC resisdent redirected folder gets
>>>>>> synchronized
>>>>>> with the user's desktop with the correct UID.
>>>>>>
>>>>>> For some users, but not all, new "My Documents" get
>>> created with UID
>>>>>> 3000000 on
>>>>>> the DC, not the user's correct ID as shown by wbinfo.  I
>>> haven't been able
>>>>>> to
>>>>>> see a configuration difference between users who are able
>>> to create the
>>>>>> files
>>>>>> with the correct UID and those not.
>>>>>>
>>>>>> I need to figure this out soon. Otherwise, the users get
>>> error messages
>>>>>> like
>>>>>> "Protected View. This file came from the Internet ..."
>>> when trying to open
>>>>>> files
>>>>>> originally sync'd with the correct UID.
>>>>>>
>>>>>> --Mark
>>>>>>
>>>>>> -----Original Message-----
>>>>>>> From: Mark Foley <mfoley at novatec-inc.com>
>>>>>>> Date: Wed, 19 Aug 2015 01:14:03 -0400
>>>>>>> To: samba at lists.samba.org
>>>>>>>
>>>>>>> My up-front apologies if this topic has been covered.
>>> This is my first
>>>>>> time
>>>>>>> using this list and I don't know how to search for
>>> existing topics yet
>>>>>> ...
>>>>>>> I installed Samba4 on Linux Slackware 64 version 14.1
>>> about 6 months
>>>>>> ago. I set
>>>>>>> up redirected folders for the Windows 7 Workstation
>>> users. All worked
>>>>>> fine until
>>>>>>> recently. Now, when several of the users create documents
>>> and folders on
>>>>>> their
>>>>>>> "Desktop" (redirected to the DC) they are being created with UID
>>>>>> 3000000, which
>>>>>>> is not a configured UID. For example:
>>>>>>>
>>>>>>> $ ls -ltrn "/redirectedFolders/Users/matkeson/My Documents"
>>>>>>> -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17 Accounts\
>>>>>> 7-1-2015.docx*
>>>>>>> drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27 Correspondence/
>>>>>>> -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04 testMark.docx*
>>>>>>>
>>>>>>> This user's actual UID is 3000045, as created months ago
>>> via Windows
>>>>>> RSAT.
>>>>>>> Confirmed by:
>>>>>>>
>>>>>>> $ wbinfo -i matkeson
>>>>>>> HPRS\matkeson:*:3000045:100:Mark
>>> Atkeson:/home/HPRS/matkeson:/bin/false
>>>>>>> I did recently upgrade Samba from the originally
>>> installed 4.1.0 to
>>>>>> 4.1.17 a
>>>>>>> couple of weeks ago, but I can't really confirm that is
>>> when the problem
>>>>>> started
>>>>>>> showing up.  I find files with this 3000000 UID on
>>> backups before the
>>>>>> upgrade (I
>>>>>>> think).
>>>>>>>
>>>>>>> This does not affect all users. I find 3 for sure it
>>> happens to and 3
>>>>>> for sure
>>>>>>> it does not happen to.
>>>>>>>
>>>>>>> I do have "idmap_ldb:use rfc2307 = yes" set in smb.conf
>>>>>>>
>>>>>>> THX
>>>>>>>
>>> Are you sure this is a Samba problem ? '3000000' is the
>>> UID/GID (yes it
>>> is both) for 'S-1-5-32-544' which is the Administrators group. Are the
>>> problem users also members of the Administrators group? As far as I am
>>> aware there is nothing in Samba that sets the permissions of a share
>>> (apart from Sysvol and this is a special case), you have to set the
>>> ownership etc somewhere, from the windows security tab for
>>> instance, or
>>> directly on the share dir on the Samba server. I would check
>>> the windows
>>> machines, you may find that the problem lies there.
>>>
>>> Rowland
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
>> Ah..
>> If thats the case..
>>
>> I bet, the following, these 2 users... the speak of..
>>
>> one has "Domain Admins" as primary group
>> the other "Domain Users" as primary group
>>
>> If that the case, set all user to "Domain Users" as primary group in the
>> UNIX tab
>>
>> and NEVER work as Admin/Administrator, always as a user.
>> If you for some reason are working as Admin/Administrator,
>> then your doing something wrong, is it not needed, ever imo !
>>
>> and if your only using windows computer/users,
>> set this in your shares :
>> acl_xattr:ignore system acl = yes
>> read the man smb.conf what it does.
>>
>>
>> Greet,
>>
>> Louis
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

More information about the samba mailing list