[Samba] Samba4 DC/AD documents created in redirected folders with bogus UID

Guilherme Boing kolt+samba at frag.com.br
Thu Aug 20 18:10:38 UTC 2015


Good to know that this is not a bug.

Thank you!

On Thu, Aug 20, 2015 at 3:05 PM, Rowland Penny <rowlandpenny241155 at gmail.com
> wrote:

> On 20/08/15 18:26, Guilherme Boing wrote:
>
>> Yes, you are correct.
>>
>> The users where the UID 3000000 was the owner were users that belong to
>> Domain Admins group.
>> Is this the correct behaviour ? I have other users that are in different
>> groups (e.g. Marketing) and whenever they create a new file, their own UID
>> shows up as the owner of that file, not the "Marketing" group.
>>
>> This only happens with Domain Admins ?
>>
>
> You could start here:
>
>
> http://serverfault.com/questions/19311/file-ownership-for-new-files-with-administrator-why-is-it-giving-ownership-to
>
> Rowland
>
>
>
>
>> Thanks.
>>
>> On Thu, Aug 20, 2015 at 12:04 PM, L.P.H. van Belle <belle at bazuin.nl>
>> wrote:
>>
>>
>>> -----Oorspronkelijk bericht-----
>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>>> Verzonden: donderdag 20 augustus 2015 16:56
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] Samba4 DC/AD documents created in
>>>> redirected folders with bogus UID
>>>>
>>>> On 20/08/15 15:24, Mark Foley wrote:
>>>>
>>>>> Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
>>>>>
>>>>> I just noticed that my fresh install of Samba 4.2.3 has the
>>>>>>
>>>>> same behaviour.
>>>>
>>>>> Did you get a solution?
>>>>>
>>>>> Odd, but this topic doesn't seem to be getting much
>>>>>
>>>> traction.  I wonder what
>>>>
>>>>> people are using Samba4 for.  Outside of hard-cord
>>>>>
>>>> samba-junkies who love
>>>>
>>>>> spending hours testing all kinds of esoteric features, I
>>>>>
>>>> think most serious
>>>>
>>>>> Samba4 AD/DC users are like me: small office, single domain
>>>>>
>>>> with a dozen-ish
>>>>
>>>>> Windows workstations.  We don't have forests and trees
>>>>>
>>>> scattered all over the
>>>>
>>>>> planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
>>>>> Authenticated login so users can log into any workstation,
>>>>>
>>>> and redirected
>>>>
>>>>> folders so users' desktops follow them to any workstation.
>>>>>
>>>>> Those are the fundamentals. Other than Windows
>>>>>
>>>> Authentication and redirected
>>>>
>>>>> folders, I don't really see the point of Active Directory.
>>>>>
>>>>> Therefore, for what I consider to be core, real-world Samba4
>>>>>
>>>> usage, this problem
>>>>
>>>>> of users' files getting created with the wrong UID seems to
>>>>>
>>>> a top-priority bug.
>>>>
>>>>> Any suggestions? Something in smb.conf, nsswitch.conf? A
>>>>>
>>>> setting in RSAT?
>>>>
>>>>> --Mark
>>>>>
>>>>> -----Original Message-----
>>>>>
>>>>>> Date: Wed, 19 Aug 2015 14:31:33 -0300
>>>>>> From: Guilherme Boing <kolt+samba at frag.com.br>
>>>>>> Cc: samba <samba at lists.samba.org>
>>>>>> Subject: Re: [Samba] Samba4 DC/AD documents created in
>>>>>>
>>>>> redirected folders  with bogus UID
>>>>
>>>>> I just noticed that my fresh install of Samba 4.2.3 has the
>>>>>>
>>>>> same behaviour.
>>>>
>>>>> I have a share (\\samba\it_share)) and some users when
>>>>>>
>>>>> creating files have
>>>>
>>>>> the UID as 3000000 and some have their correct UIDs.
>>>>>> Share permissons are being controlled by Windows ACLs.
>>>>>>
>>>>>> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley
>>>>>>
>>>>> <mfoley at novatec-inc.com> wrote:
>>>>
>>>>> More information,
>>>>>>>
>>>>>>> It appears I've had this issue since installing Samba
>>>>>>>
>>>>>> 4.1.0 about 6 months
>>>>
>>>>> ago.
>>>>>>> When I add a domain user, the DC resisdent redirected folder gets
>>>>>>> synchronized
>>>>>>> with the user's desktop with the correct UID.
>>>>>>>
>>>>>>> For some users, but not all, new "My Documents" get
>>>>>>>
>>>>>> created with UID
>>>>
>>>>> 3000000 on
>>>>>>> the DC, not the user's correct ID as shown by wbinfo.  I
>>>>>>>
>>>>>> haven't been able
>>>>
>>>>> to
>>>>>>> see a configuration difference between users who are able
>>>>>>>
>>>>>> to create the
>>>>
>>>>> files
>>>>>>> with the correct UID and those not.
>>>>>>>
>>>>>>> I need to figure this out soon. Otherwise, the users get
>>>>>>>
>>>>>> error messages
>>>>
>>>>> like
>>>>>>> "Protected View. This file came from the Internet ..."
>>>>>>>
>>>>>> when trying to open
>>>>
>>>>> files
>>>>>>> originally sync'd with the correct UID.
>>>>>>>
>>>>>>> --Mark
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>>
>>>>>>>> From: Mark Foley <mfoley at novatec-inc.com>
>>>>>>>> Date: Wed, 19 Aug 2015 01:14:03 -0400
>>>>>>>> To: samba at lists.samba.org
>>>>>>>>
>>>>>>>> My up-front apologies if this topic has been covered.
>>>>>>>>
>>>>>>> This is my first
>>>>
>>>>> time
>>>>>>>
>>>>>>>> using this list and I don't know how to search for
>>>>>>>>
>>>>>>> existing topics yet
>>>>
>>>>> ...
>>>>>>>
>>>>>>>> I installed Samba4 on Linux Slackware 64 version 14.1
>>>>>>>>
>>>>>>> about 6 months
>>>>
>>>>> ago. I set
>>>>>>>
>>>>>>>> up redirected folders for the Windows 7 Workstation
>>>>>>>>
>>>>>>> users. All worked
>>>>
>>>>> fine until
>>>>>>>
>>>>>>>> recently. Now, when several of the users create documents
>>>>>>>>
>>>>>>> and folders on
>>>>
>>>>> their
>>>>>>>
>>>>>>>> "Desktop" (redirected to the DC) they are being created with UID
>>>>>>>>
>>>>>>> 3000000, which
>>>>>>>
>>>>>>>> is not a configured UID. For example:
>>>>>>>>
>>>>>>>> $ ls -ltrn "/redirectedFolders/Users/matkeson/My Documents"
>>>>>>>> -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17 Accounts\
>>>>>>>>
>>>>>>> 7-1-2015.docx*
>>>>>>>
>>>>>>>> drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27 Correspondence/
>>>>>>>> -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04 testMark.docx*
>>>>>>>>
>>>>>>>> This user's actual UID is 3000045, as created months ago
>>>>>>>>
>>>>>>> via Windows
>>>>
>>>>> RSAT.
>>>>>>>
>>>>>>>> Confirmed by:
>>>>>>>>
>>>>>>>> $ wbinfo -i matkeson
>>>>>>>> HPRS\matkeson:*:3000045:100:Mark
>>>>>>>>
>>>>>>> Atkeson:/home/HPRS/matkeson:/bin/false
>>>>
>>>>> I did recently upgrade Samba from the originally
>>>>>>>>
>>>>>>> installed 4.1.0 to
>>>>
>>>>> 4.1.17 a
>>>>>>>
>>>>>>>> couple of weeks ago, but I can't really confirm that is
>>>>>>>>
>>>>>>> when the problem
>>>>
>>>>> started
>>>>>>>
>>>>>>>> showing up.  I find files with this 3000000 UID on
>>>>>>>>
>>>>>>> backups before the
>>>>
>>>>> upgrade (I
>>>>>>>
>>>>>>>> think).
>>>>>>>>
>>>>>>>> This does not affect all users. I find 3 for sure it
>>>>>>>>
>>>>>>> happens to and 3
>>>>
>>>>> for sure
>>>>>>>
>>>>>>>> it does not happen to.
>>>>>>>>
>>>>>>>> I do have "idmap_ldb:use rfc2307 = yes" set in smb.conf
>>>>>>>>
>>>>>>>> THX
>>>>>>>>
>>>>>>>> Are you sure this is a Samba problem ? '3000000' is the
>>>> UID/GID (yes it
>>>> is both) for 'S-1-5-32-544' which is the Administrators group. Are the
>>>> problem users also members of the Administrators group? As far as I am
>>>> aware there is nothing in Samba that sets the permissions of a share
>>>> (apart from Sysvol and this is a special case), you have to set the
>>>> ownership etc somewhere, from the windows security tab for
>>>> instance, or
>>>> directly on the share dir on the Samba server. I would check
>>>> the windows
>>>> machines, you may find that the problem lies there.
>>>>
>>>> Rowland
>>>>
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>> Ah..
>>> If thats the case..
>>>
>>> I bet, the following, these 2 users... the speak of..
>>>
>>> one has "Domain Admins" as primary group
>>> the other "Domain Users" as primary group
>>>
>>> If that the case, set all user to "Domain Users" as primary group in the
>>> UNIX tab
>>>
>>> and NEVER work as Admin/Administrator, always as a user.
>>> If you for some reason are working as Admin/Administrator,
>>> then your doing something wrong, is it not needed, ever imo !
>>>
>>> and if your only using windows computer/users,
>>> set this in your shares :
>>> acl_xattr:ignore system acl = yes
>>> read the man smb.conf what it does.
>>>
>>>
>>> Greet,
>>>
>>> Louis
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list