[Samba] Problem with one User after upgrade to 4.5.0
Rowland Penny
rpenny at samba.org
Sun Oct 9 08:51:45 UTC 2016
On Sun, 9 Oct 2016 01:58:00 -0600
"Paul R. Ganci via samba" <samba at lists.samba.org> wrote:
> Well I upgraded from 4.4.6 to 4.5.0 and discovered that one of my
> user accounts is completely borked. What is very strange is that
> everything in Samba looks okay. Here is the first problem symptom.
> The data is from the DC.
>
> total 80
> drwxr-xr-x. 7 root root 4096 Oct 9
> 01:15 .
> drwx------+ 77 SAMDOM\prg-11868bg SAMDOM\domain users 20480 Oct 9
> 00:55 prg-11868bg
> drwx------+ 39 3001108 SAMDOM\domain users 4096 Oct 9
> 00:30 sln-11868bg
>
> Note that the directory sln-11868bg is owned by 3001108 instead of
> SAMDOM\sln-11868bg. But everything seems like it should be correct.
> For example:
>
> > getent passwd sln-11868bg
> SAMDOM\sln-11868bg:*:3001108:3000513:John Q.
> Public:/home/sln-11868bg:/bin/bash
>
>
> > samba-tool user list
> sln-11868bg
> Administrator
> prg-11868bg
> krbtgt
> Guest
>
> > wbinfo -n sln-11868bg
> S-1-5-21-729452656-3029571206-2736118167-1143 SID_USER (1)
>
> > wbinfo --sid-to-uid S-1-5-21-729452656-3029571206-2736118167-1143
> 3001108
>
> >ldbedit -H /var/lib/samba/private/idmap.ldb
> # record 16
> dn: CN=S-1-5-21-729452656-3029571206-2736118167-1143
> cn: S-1-5-21-729452656-3029571206-2736118167-1143
> objectClass: sidMap
> objectSid: S-1-5-21-729452656-3029571206-2736118167-1143
> type: ID_TYPE_BOTH
> xidNumber: 3000062
> distinguishedName: CN=S-1-5-21-729452656-3029571206-2736118167-1143
>
> >ldbedit -H /var/lib/samba/private/sam.ldb (sanitized the record by
> changing addresses, telephone numbers and names)
> # record 274
> dn: CN=John Q. Public,CN=Users,DC=samdom,DC=example,DC=com
> sn: Public
> c: US
> l: Some City
> st: InSomeState
> postalCode: 88888
> givenName: John
> instanceType: 4
> whenCreated: 20141220195750.0Z
> uSNCreated: 5115
> co: United States
> company: SAMDOM
> objectGUID: 2770b5ca-f2e7-43bc-9a47-833ce384c564
> badPwdCount: 0
> codePage: 0
> countryCode: 840
> homeDirectory: \\nikita\home\sln-11868bg
> homeDrive: H:
> badPasswordTime: 0
> lastLogoff: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-729452656-3029571206-2736118167-1143
> accountExpires: 9223372036854775807
> sAMAccountName: sln-11868bg
> sAMAccountType: 805306368
> userPrincipalName: sln-11868bg at samdom.example.com
> userAccountControl: 66048
> memberOf: CN=Roaming Profiles and Folder Redirection
> Users,OU=SAMDOMOU,DC=samd
> om,DC=example,DC=com
> cn: John Q. Public
> name: John Q. Public
> streetAddress: 478 Some St.
> initials: Q
> displayName: John Q. Public
> gidNumber: 3000513
> lockoutTime: 0
> loginShell: /bin/bash
> mail: sPublic at example.com
> mobile: (555)555-5555
> msDS-SupportedEncryptionTypes: 0
> telephoneNumber: (555)555-5555
> title: The Bigger Boss
> uidNumber: 3001108
> unixHomeDirectory: /home/sln-11868bg
> objectClass: top
> objectClass: posixAccount
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> objectCategory:
> CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=co
> m
> profilePath: \\nikita\home\Profiles\sln-11868bg
> pwdLastSet: 131111097150000000
> lastLogonTimestamp: 131203623889809690
> whenChanged: 20161008010628.0Z
> uSNChanged: 5656
> lastLogon: 131204700204284310
> logonCount: 16
> distinguishedName: CN=John Q.
> Public,CN=Users,DC=samdom,DC=example,DC=com
>
> Why is the owner showing up as the uidNumber 3001108 and not mapped
> to SAMDOM\sln-11868bg? I am desperate as my wife's Profile and Home
> directory can no longer be accessed. I am my wits end on this one. I
> see no reason why there should be an issue with this one account and
> my account and the Administrator's accounts are fine. Any suggestions?
>
>
Have you by any chance got another 3001108 'xidNumber' in idmap.ldb ?
If you give a user a 'uidNumber' attribute, the contents of this will be
used instead of the 'xidNumber' in idmap.ldb, hence you do not need to
(and probably shouldn't) use numbers in the '3000000' range.
Rowland
More information about the samba
mailing list