[Samba] id username output ADDC and Member.

L.P.H. van Belle belle at bazuin.nl
Wed Jun 29 06:15:51 UTC 2016


Hi Rowland, 

Yes, that's done, the domain user exists on both servers in the local sudo group.
But why do I see many more groups on the ADDC, and even groups that this user is NOT a member of, like 3000005(NTDOMAIN\denied rodc password replication group).

See .. 2x 
3000005(NTDOMAIN\denied rodc password replication group
3000005(NTDOMAIN\denied rodc password replication group

Greetz, 

Louis



> -----Original message-----
> From: Rowland penny [mailto:rpenny at samba.org]
> Sent: Tuesday 28 June 2016 17:23
> To: L.P.H. van Belle
> Subject: Re: [Samba] id username output ADDC and Member.
> 
> On 28/06/16 16:00, L.P.H. van Belle wrote:
> >> I love diving : )
> >>
> > Ok Mathias,
> >
> > Can you explain this?
> > This I don't get....
> >
> > Why is this output so different, and I don't mean the difference with NTDOMAIN\..
> >
> > See the group differences...   between an ADDC and a member server..
> >
> >
> > Samba 4.4.3 ADDC
> > id someusername
> >
> > uid=10002(NTDOMAIN\someusername) gid=10000(NTDOMAIN\domain users) groups=10000(NTDOMAIN\domain users),3000053(NTDOMAIN\sng-certificaat-gpo),10005(NTDOMAIN\remote-webmail),
> > 3000058(NTDOMAIN\usb-lees-toegang),10003(NTDOMAIN\server-aftermath),10008(NTDOMAIN\servers-www),3000154(NTDOMAIN\remote-xenservers),
> > 3000118(NTDOMAIN\cddvd-schrijf-toegang),3000030(NTDOMAIN\remote-toegang-pcs),3000117(NTDOMAIN\cddvd-lees-toegang),3000059(NTDOMAIN\usb-schrijf-toegang),
> > 3000148(NTDOMAIN\gitslinux-gebruikers),3000043(NTDOMAIN\afd-itdep),3000173(NTDOMAIN\dnsadmins),3000038(NTDOMAIN\vest-rotterdam),3000039(NTDOMAIN\allen),
> > 3000065(NTDOMAIN\vertrouwde-websites),3000040(NTDOMAIN\boven),3000004(NTDOMAIN\group policy creator owners),3000005(NTDOMAIN\denied rodc password replication group),
> > 10004(NTDOMAIN\servers-ssh),3000174(NTDOMAIN\lokaleprinter-xerox11hp),3000176(NTDOMAIN\alle-schijftoegang),3000005(NTDOMAIN\denied rodc password replication group),
> > 3000173(NTDOMAIN\dnsadmins),3000009(BUILTIN\users)
> >
> >
> > Samba 4.4.3 Member server.
> > id someusername
> >
> > uid=10002(someusername) gid=10000(domain users) groups=10000(domain users),27(sudo),116(lpadmin),10005(remote-webmail),10003(server-aftermath),
> > 10008(servers-www),10004(servers-ssh),10009(alle-schijftoegang),2001(BUILTIN\users)
> >
> >
> > Now if I add this user on the member server in the sudo group...
> > you see : 27(sudo)
> >
> > same on the ADDC, nothing .. but the user IS added to the local group sudo.
> > I checked the /etc/group
> >
> > Very strange imo..
> >
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> 
> Hi Louis, No, not strange, you need to add the user with the DOMAIN to
> the sudo group on the DC
> i.e. useradd SAMDOM/rowland sudo
> 
> root@dc1:~# id rowland
> uid=10000(SAMDOM\rowland) gid=10000(SAMDOM\domain users) groups=10000(SAMDOM\domain users),27(sudo),3000025(SAMDOM\dnsadmins),3000009(BUILTIN\users)
> 
> Let's see if Mathias knows :-)
> 
> Rowland
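
An added example, not part of the thread: a small Python check that parses two `id` lines like those quoted above, lists entries that repeat, and shows which groups and GIDs differ between the DC and the member server. The sample lines are constructed by shortening the output quoted above; the function names and the `domain` parameter are assumptions of this example.

```python
import re
from collections import Counter

ENTRY = re.compile(r"(\d+)\(([^)]*)\)")  # one "gid(name)" pair; names may contain spaces

def parse_groups(id_line):
    """Return [(gid, name), ...] from the groups= field of one line of `id` output."""
    return [(int(g), n) for g, n in ENTRY.findall(id_line.partition("groups=")[2])]

def duplicates(groups):
    """Entries that `id` listed more than once, sorted."""
    return sorted(e for e, c in Counter(groups).items() if c > 1)

def normalise(name, domain):
    """Lower-case and drop the domain prefix so DC and member names compare equal."""
    prefix = domain.lower() + "\\"
    name = name.lower()
    return name[len(prefix):] if name.startswith(prefix) else name

def compare(dc_line, member_line, domain):
    """Group names seen on one host only, and names whose GID differs between hosts."""
    dc = {normalise(n, domain): g for g, n in parse_groups(dc_line)}
    mb = {normalise(n, domain): g for g, n in parse_groups(member_line)}
    both = sorted(dc.keys() & mb.keys())
    return {
        "only_dc": sorted(dc.keys() - mb.keys()),
        "only_member": sorted(mb.keys() - dc.keys()),
        "gid_differs": {n: (dc[n], mb[n]) for n in both if dc[n] != mb[n]},
    }

# Constructed sample input: shortened copies of the two outputs quoted in the thread.
DC_LINE = (r"uid=10002(NTDOMAIN\someusername) gid=10000(NTDOMAIN\domain users) "
           r"groups=10000(NTDOMAIN\domain users),10005(NTDOMAIN\remote-webmail),"
           r"3000005(NTDOMAIN\denied rodc password replication group),"
           r"3000176(NTDOMAIN\alle-schijftoegang),"
           r"3000005(NTDOMAIN\denied rodc password replication group),"
           r"3000009(BUILTIN\users)")
MEMBER_LINE = (r"uid=10002(someusername) gid=10000(domain users) "
               r"groups=10000(domain users),27(sudo),10005(remote-webmail),"
               r"10009(alle-schijftoegang),2001(BUILTIN\users)")

if __name__ == "__main__":
    print("repeated on DC:", duplicates(parse_groups(DC_LINE)))
    for key, value in compare(DC_LINE, MEMBER_LINE, "NTDOMAIN").items():
        print(key, value)
```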




