[Samba] sudden change GID number on DC

L.P.H. van Belle belle at bazuin.nl
Fri Feb 12 07:50:19 UTC 2016 

I also noticed, when i check my shares on my DC. 
DOMAIN\"Domain Admins" 
Changed to DOMAIN\Administrators 
Which is incorrect and should be 
"BUILIN\Administrators" or DOMAIN\"Domain Admins"

I also noticed to following to make it stranger. 

id admin
uid=10000(admin) gid=10000(domain users) groups=10000(domain users),3000059(usb-schrijf-toegang),3000058(usb-lees-toegang),3000008(domain admins),3000005(denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)

but my smb.conf has:
        idmap_ldb:use rfc2307 = yes

        ## map id's outside to domain to tdb files.
        idmap config * : backend = tdb
        idmap config * : range = 2000-9999

        ## map ids from the domain and (*) the range may not overlap !
        idmap config DOMAIN : backend = ad
        idmap config DOMAIN : schema_mode = rfc2307
        idmap config DOMAIN : range = 10000-3999999

        # Use to pull UID/GID ( abusing a member setting on a DC here) 
	  # Shell and homedir use the TEMPLATE setting on the dc also. 
        winbind nss info = rfc2307

        winbind trusted domains only = no
        winbind use default domain = yes
        winbind expand groups = 4


and : ( on DC ) 
getent group "domain users"
domain users:x:10000:someuser 
on member serverm, same output. 

Here im missing all my users, this should not be 1 user. 

This is the only correct output.

( from a random member server ) 
id admin
uid=10000(admin) gid=10000(domain users) groups=10000(domain users),10001(domain admins),2001(BUILTIN\users),2000(BUILTIN\administrators)


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle
> Verzonden: vrijdag 12 februari 2016 8:34
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] sudden change GID number on DC
> 
> Hai,
> 
> 
> 
> I just noticed something strange with my group GID assignments.
> 
> 
> 
> This happens on my  DC.
> 
> 
> 
> I have my ?Domain Admins?  ?Domain Users? etc given a GID.
> 
> (im using  ad backend )
> 
> 
> 
> Running
> 
> getent group "domain admins" gives back.
> 
> 
> 
> domain admins:x:3000008:administrator,admin
> 
> 
> 
> But this is fault..  that GID should be 10001
> 
> 
> 
> Anyone noticed this also ?
> 
> 
> 
> After installing the latest 4.2.8 sernet samba?
> 
> I installed 4.2.8 on  5 Feb, before this didnt happen.
> 
> 
> 
> On my member server its still ok.
> 
> 
> 
> getent group "Domain Admins"
> 
> domain admins:x:10001:admin,administrator
> 
> 
> 
> so something changed.
> 
> Anyway, this is for me not a problem, but i what know what happend here or
> what changed in samba.
> 
> But it can explain why more people have problems with the groups and GIDs
> on the DC.
> 
> 
> 
> 
> 
> Greetz,
> 
> 
> 
> Louis
> 
> 
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list