[Samba] sudden change GID number on DC
Mueller
mueller at tropenklinik.de
Fri Feb 12 08:11:46 UTC 2016
Hi, look at my thread:
[Samba] WG: After Upgrade to Samba-4.3.4 on Centos6
The same confusion after upgrading to samba-4.3.4 (I gave gids to all groups before): Machines suddenly have gids the same as groups:
" It seems the pcs uid number interfere with the group gids. Where the h.. get the pcs the gid
# id mikrobio2$
uid=3000065(TPLK\mikrobio2$) gid=3000017(TPLK\domain computers) Gruppen=3000017(TPLK\domain computers),3000065(TPLK\mikrobio2$)
getent group mikrobio2$
TPLK\mikrobio2$:x:3000065:TPLK\mikrobio2$
getent group ambshare
TPLK\ambshare:x:3000065:
This results in nirvana :
Ambulanz1 is a share with security= group ambshare rwx
[root at s4slave wingroup]# getfacl ambulanz1
# file: ambulanz1
# owner: root
# group: root
user::rwx
user:root:rwx
user:TPLK\134guest:rwx
group::rwx
group:root:rwx
group:TPLK\134guest:rwx
group:TPLK\134domain\040admins:rwx
group:TPLK\134mikrobio2$:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:TPLK\134guest:rwx
default:group::rwx
default:group:root:---
default:group:TPLK\134guest:rwx
default:group:TPLK\134domain\040admins:rwx
default:group:TPLK\134mikrobio2$:rwx
default:mask::rwx
default:other::-- "
Could only solve that by creating new groups with a much higher gid and changing permissions on the shares.
Greetings Daniel
IT Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----Original Message-----
From: L.P.H. van Belle [mailto:belle at bazuin.nl]
Sent: Friday, 12 February 2016 08:50
To: samba at lists.samba.org
Subject: Re: [Samba] sudden change GID number on DC
I also noticed, when I check my shares on my DC.
DOMAIN\"Domain Admins"
Changed to DOMAIN\Administrators
Which is incorrect and should be
"BUILTIN\Administrators" or DOMAIN\"Domain Admins"
I also noticed the following, to make it stranger.
id admin
uid=10000(admin) gid=10000(domain users) groups=10000(domain users),3000059(usb-schrijf-toegang),3000058(usb-lees-toegang),3000008(domain admins),3000005(denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)
but my smb.conf has:
idmap_ldb:use rfc2307 = yes
## map id's outside to domain to tdb files.
idmap config * : backend = tdb
idmap config * : range = 2000-9999
## map ids from the domain and (*) the range may not overlap !
idmap config DOMAIN : backend = ad
idmap config DOMAIN : schema_mode = rfc2307
idmap config DOMAIN : range = 10000-3999999
# Use to pull UID/GID ( abusing a member setting on a DC here)
# Shell and homedir use the TEMPLATE setting on the dc also.
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind expand groups = 4
and : ( on DC )
getent group "domain users"
domain users:x:10000:someuser
On member server, same output.
Here I'm missing all my users, this should not be 1 user.
This is the only correct output.
( from a random member server )
id admin
uid=10000(admin) gid=10000(domain users) groups=10000(domain users),10001(domain admins),2001(BUILTIN\users),2000(BUILTIN\administrators)
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of L.P.H. van Belle
> Sent: Friday 12 February 2016 8:34
> To: samba at lists.samba.org
> Subject: [Samba] sudden change GID number on DC
>
> Hi,
>
> I just noticed something strange with my group GID assignments.
>
> This happens on my DC.
>
> I have my "Domain Admins" "Domain Users" etc given a GID.
> (I'm using ad backend)
>
> Running
> getent group "domain admins" gives back.
>
> domain admins:x:3000008:administrator,admin
>
> But this is fault.. that GID should be 10001
>
> Anyone noticed this also ?
>
> After installing the latest 4.2.8 sernet samba?
> I installed 4.2.8 on 5 Feb, before this didn't happen.
>
> On my member server it's still ok.
>
> getent group "Domain Admins"
> domain admins:x:10001:admin,administrator
>
> so something changed.
> Anyway, this is for me not a problem, but I want to know what happened here or
> what changed in samba.
>
> But it can explain why more people have problems with the groups and GIDs
> on the DC.
>
> Greetz,
>
> Louis
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
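Added example, not part of the original thread and not Samba code: a check for the two symptoms reported above, a GID shared by a machine account and a group, and a group resolving to a GID other than the one assigned. The sample lines are constructed from the getent output quoted in the thread; the EXPECTED table and all function names are assumptions.

```python
from collections import defaultdict

# Constructed sample: `getent group` lines in the shape quoted in this thread.
SAMPLE = r"""
TPLK\mikrobio2$:x:3000065:TPLK\mikrobio2$
TPLK\ambshare:x:3000065:
TPLK\domain computers:x:3000017:
domain admins:x:3000008:administrator,admin
domain users:x:10000:someuser
"""

# Assumption: the GIDs the administrator assigned to these groups.
EXPECTED = {"domain admins": 10001, "domain users": 10000}


def parse_group(line):
    """Split one getent group line into (name, gid, members)."""
    # Split from the right: names may contain spaces and backslashes.
    name, _pw, gid, members = line.rsplit(":", 3)
    return name, int(gid), [m for m in members.split(",") if m]


def short(name):
    """Drop a leading DOMAIN\\ prefix and lowercase for comparison."""
    return name.rsplit("\\", 1)[-1].lower()


def audit(text, expected):
    """Return findings: GID mismatches first, then GIDs shared by names."""
    by_gid = defaultdict(list)
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        name, gid, _members = parse_group(line)
        by_gid[gid].append(name)
        want = expected.get(short(name))
        if want is not None and want != gid:
            findings.append(("mismatch", short(name), gid, want))
    for gid, names in sorted(by_gid.items()):
        if len(names) > 1:
            # A POSIX ACL stores the number, so the entry can display as
            # either name; a trailing "$" marks a machine account.
            machine = any(n.endswith("$") for n in names)
            kind = "machine-collision" if machine else "collision"
            findings.append((kind, gid, sorted(names)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, EXPECTED):
        print(finding)
```

On a live host, pass the output of `getent group` for the groups of interest as the text argument in place of SAMPLE.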