[Samba] Problem Groups GID Mappings

Rowland Penny rpenny at samba.org
Fri Oct 21 18:16:16 UTC 2016 

On Fri, 21 Oct 2016 18:02:23 +0000 (UTC)
Ricardo Pardim Claus via samba <samba at lists.samba.org> wrote:

> Dear Rowland, 
> 
> Here is an example. 
> 
> DC1:
> 
> 
> # getfacl /usr/local/samba/var/locks/sysvol/ 
> getfacl: Removing leading '/' from absolute path names 
> # file: usr/local/samba/var/locks/sysvol/ 
> # owner: root 
> # group: 3000000 
> user::rwx 
> user:root:rwx 
> user:3000000:rwx 
> user:3000012:r-x 
> user:3000025:rwx 
> user:3000026:r-x 
> group::rwx 
> group:3000000:rwx 
> group:3000012:r-x 
> group:3000025:rwx 
> group:3000026:r-x 
> mask::rwx 
> other::--- 
> default:user::rwx 
> default:user:root:rwx 
> default:user:3000000:rwx 
> default:user:3000012:r-x 
> default:user:3000025:rwx 
> default:user:3000026:r-x 
> default:group::--- 
> default:group:3000000:rwx 
> default:group:3000012:r-x 
> default:group:3000025:rwx 
> default:group:3000026:r-x 
> default:mask::rwx 
> default:other::--- 
> 
> 
> 
> DC2:
> 
> # getfacl /usr/local/samba/var/locks/sysvol/ 
> getfacl: Removing leading '/' from absolute path names 
> # file: usr/local/samba/var/locks/sysvol/ 
> # owner: root 
> # group: BUILTIN\134administrators 
> user::rwx 
> user:root:rwx 
> user:BUILTIN\134administrators:rwx 
> user:3000012:r-x 
> user:3000025:rwx 
> user:BUILTIN\134server\040operators:r-x 
> group::rwx 
> group:BUILTIN\134administrators:rwx 
> group:3000012:r-x 
> group:3000025:rwx 
> group:BUILTIN\134server\040operators:r-x 
> mask::rwx 
> other::--- 
> default:user::rwx 
> default:user:root:rwx 
> default:user:BUILTIN\134administrators:rwx 
> default:user:3000012:r-x 
> default:user:3000025:rwx 
> default:user:BUILTIN\134server\040operators:r-x 
> default:group::--- 
> default:group:BUILTIN\134administrators:rwx 
> default:group:3000012:r-x 
> default:group:3000025:rwx 
> default:group:BUILTIN\134server\040operators:r-x 
> default:mask::rwx 
> default:other::--- 
> 

OK, I know you say that /etc/nsswitch.conf is set up correctly, but
have you also set up the libnss_winbind links on both DCs ?

Rowland

More information about the samba mailing list