[Samba] Problem Groups GID Mappings

Rowland Penny rpenny at samba.org
Fri Oct 21 19:41:39 UTC 2016 

On Fri, 21 Oct 2016 19:57:52 +0100
Alex Crow via samba <samba at lists.samba.org> wrote:

> 
> > Apart from DC2 not having this line:
> >
> > idmap_ldb:use rfc2307 = yes
> >
> > Both smb.conf files look ok.
> > Can you elaborate on your problem and show a few examples.
> >
> > Rowland
> >  
> >
> 
> Surely the above line is required to obtain consistent UID, SID and
> name mappings on all servers?
> 
> Can the OP try adding it to their DC2, restarting services, and check
> again?
> 
> I was sure from the docs is that rfc2307 is the standard way of
> mapping UIDs/GIDs stored in AD to Unix UID/GIDs,,,
> 
> I have the same line on all my DCs and member servers with
> nsswitch.conf having passwd and group as "files winbind". That is the
> right way to do it isn't it?
> 
> Cheers
> 
> Alex

Yes, but it could be what I referred to in my second post, these are
from one of my DCs:

user:BUILTIN\134server\040operators:r-x
user:3000015:rwx
group::rwx
group:BUILTIN\134administrators:rwx
group:3000008:r-x
group:BUILTIN\134server\040operators:r-x
group:3000015:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\134administrators:rwx
default:user:3000008:r-x
default:user:BUILTIN\134server\040operators:r-x
default:user:3000015:rwx
default:group::---
default:group:BUILTIN\134administrators:rwx
default:group:3000008:r-x
default:group:BUILTIN\134server\040operators:r-x
default:group:3000015:rwx
default:mask::rwx
default:other::---

getfacl /usr/local/samba/var/locks/sysvol/
getfacl: Removing leading '/' from absolute path names
# file: usr/local/samba/var/locks/sysvol/
# owner: root
# group: 3000000
# flags: -s-
user::rwx
user:root:rwx
user:3000000:rwx
user:3000008:r-x
user:3000011:r-x
user:3000015:rwx
group::rwx
group:3000000:rwx
group:3000008:r-x
group:3000011:r-x
group:3000015:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000008:r-x
default:user:3000011:r-x
default:user:3000015:rwx
default:group::---
default:group:3000000:rwx
default:group:3000008:r-x
default:group:3000011:r-x
default:group:3000015:rwx
default:mask::rwx
default:other::---

The first is with winbind in nsswitch.conf and the second is with it
removed, you would get the same result if the links do not exist or are
wrong, or are the wrong *.so files.

Rowland

More information about the samba mailing list