[Samba] id username output ADDC and Member.

mathias dufresne infractory at gmail.com
Thu Jun 30 09:01:11 UTC 2016


Hi Louis,

I expect you have already checked this, but just in case: aren't there some
nested groups?

If there are not, perhaps have a look into idmap.ldb to verify that uid=10002 is
not used by several users (your real user + some old entry in idmap).

I don't believe too much in that but, as said, just in case...

2016-06-29 8:15 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl>:

> Hi Rowland,
>
> Yes, that's done, the domain user exists on both servers in the local sudo group.
> But why do I see many more groups on the ADDC, and even groups which this
> user is NOT a member of, like 3000005(NTDOMAIN\denied rodc password
> replication group).
>
> See .. 2x
> 3000005(NTDOMAIN\denied rodc password replication group
> 3000005(NTDOMAIN\denied rodc password replication group
>
> Greetz,
>
> Louis
>
>
>
> > -----Original message-----
> > From: Rowland penny [mailto:rpenny at samba.org]
> > Sent: Tuesday 28 June 2016 17:23
> > To: L.P.H. van Belle
> > Subject: Re: [Samba] id username output ADDC and Member.
> >
> > On 28/06/16 16:00, L.P.H. van Belle wrote:
> > >> I love diving : )
> > >>
> > > Ok mathias,
> > >
> > > Can you explain this.
> > > This I don't get....
> > >
> > > Why is this output so different, and I don't mean the difference with NTDOMAIN\..
> > >
> > > See the group differences...   between an ADDC and a member server..
> > >
> > >
> > > Samba 4.4.3 ADDC
> > > id someusername
> > >
> > > uid=10002(NTDOMAIN\someusername) gid=10000(NTDOMAIN\domain users) groups=10000(NTDOMAIN\domain users),3000053(NTDOMAIN\sng-certificaat-gpo),10005(NTDOMAIN\remote-webmail),
> > > 3000058(NTDOMAIN\usb-lees-toegang),10003(NTDOMAIN\server-aftermath),10008(NTDOMAIN\servers-www),3000154(NTDOMAIN\remote-xenservers),
> > > 3000118(NTDOMAIN\cddvd-schrijf-toegang),3000030(NTDOMAIN\remote-toegang-pcs),3000117(NTDOMAIN\cddvd-lees-toegang),3000059(NTDOMAIN\usb-schrijf-toegang),
> > > 3000148(NTDOMAIN\gitslinux-gebruikers),3000043(NTDOMAIN\afd-itdep),3000173(NTDOMAIN\dnsadmins),3000038(NTDOMAIN\vest-rotterdam),3000039(NTDOMAIN\allen),
> > > 3000065(NTDOMAIN\vertrouwde-websites),3000040(NTDOMAIN\boven),3000004(NTDOMAIN\group policy creator owners),3000005(NTDOMAIN\denied rodc password replication group),
> > > 10004(NTDOMAIN\servers-ssh),3000174(NTDOMAIN\lokaleprinter-xerox11hp),3000176(NTDOMAIN\alle-schijftoegang),3000005(NTDOMAIN\denied rodc password replication group),
> > > 3000173(NTDOMAIN\dnsadmins),3000009(BUILTIN\users)
> > >
> > >
> > > Samba 4.4.3 Member server.
> > > id someusername
> > >
> > > uid=10002(someusername) gid=10000(domain users) groups=10000(domain users),27(sudo),116(lpadmin),10005(remote-webmail),10003(server-aftermath),
> > > 10008(servers-www),10004(servers-ssh),10009(alle-schijftoegang),2001(BUILTIN\users)
> > >
> > >
> > > Now if I add this user on the member server in the sudo group...
> > > you see: 27(sudo)
> > >
> > > Same on the ADDC, nothing .. but the user IS added to the local group sudo.
> > > I checked the /etc/group
> > >
> > > Very strange imo..
> > >
> > >
> > >
> > > Greetz,
> > >
> > > Louis
> > >
> > >
> > >
> >
> > Hi Louis, No, not strange, you need to add the user with the DOMAIN to
> > the sudo group on the DC
> > i.e. useradd SAMDOM/rowland sudo
> >
> > root@dc1:~# id rowland
> > uid=10000(SAMDOM\rowland) gid=10000(SAMDOM\domain users) groups=10000(SAMDOM\domain users),27(sudo),3000025(SAMDOM\dnsadmins),3000009(BUILTIN\users)
> >
> > Let's see if Mathias knows :-)
> >
> > Rowland
>
>
>


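The comparison discussed in this thread can be done mechanically. The following is an added example, not code from the thread or from Samba: it parses two `id` outputs, lists entries that appear more than once (the 3000005 case) and reports groups whose gid differs between DC and member. The sample strings are shortened, constructed copies of the outputs quoted above, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample data: shortened copies of the two `id` outputs in this thread.
DC_ID = (r"uid=10002(NTDOMAIN\someusername) gid=10000(NTDOMAIN\domain users) "
         r"groups=10000(NTDOMAIN\domain users),3000173(NTDOMAIN\dnsadmins),"
         r"3000005(NTDOMAIN\denied rodc password replication group),"
         r"10004(NTDOMAIN\servers-ssh),3000176(NTDOMAIN\alle-schijftoegang),"
         r"3000005(NTDOMAIN\denied rodc password replication group),"
         r"3000173(NTDOMAIN\dnsadmins),3000009(BUILTIN\users)")
MEMBER_ID = (r"uid=10002(someusername) gid=10000(domain users) "
             r"groups=10000(domain users),27(sudo),116(lpadmin),"
             r"10004(servers-ssh),10009(alle-schijftoegang),2001(BUILTIN\users)")

GROUP_RE = re.compile(r"(\d+)\(([^)]*)\)")  # gid(name); names may contain spaces


def parse_groups(id_output):
    """Return [(gid, name), ...] from the groups= field of `id` output."""
    field = id_output.split("groups=", 1)[1]
    return [(int(gid), name) for gid, name in GROUP_RE.findall(field)]


def short_name(name, domain="NTDOMAIN"):
    """Drop the domain prefix the DC prints so names line up with the member."""
    prefix = domain + "\\"
    return name[len(prefix):] if name.startswith(prefix) else name


def duplicates(groups):
    """Entries listed more than once in a single `id` output."""
    return sorted(entry for entry, n in Counter(groups).items() if n > 1)


def compare(dc_out, member_out):
    """Compare group sets by name and report gid differences for shared names."""
    dc = {short_name(n): g for g, n in parse_groups(dc_out)}
    mb = {short_name(n): g for g, n in parse_groups(member_out)}
    shared = sorted(dc.keys() & mb.keys())
    return {
        "only_on_dc": sorted(dc.keys() - mb.keys()),
        "only_on_member": sorted(mb.keys() - dc.keys()),
        "gid_mismatch": {n: (dc[n], mb[n]) for n in shared if dc[n] != mb[n]},
    }


if __name__ == "__main__":
    print("duplicates on DC:", duplicates(parse_groups(DC_ID)))
    for key, value in compare(DC_ID, MEMBER_ID).items():
        print(key, value)
```

On a live system the two strings would come from running `id someusername` on each host; a gid that differs for the same group name is the thing to chase in idmap.ldb, as suggested at the top of this message.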