[Samba] Domain member server: user access

Rowland Penny rpenny at samba.org
Mon Oct 9 18:29:46 UTC 2017


On Mon, 9 Oct 2017 20:12:27 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> Am 2017-09-26 um 16:16 schrieb Rowland Penny via samba:
> 
> > Very simple Stefan, there is a bug and a simple workaround, never
> > (not ever) run 'wbinfo -G 100' on a DC if you have given Domain
> > Users a gidNumber ;-)
> 
> hit the same issue with a domain group today (DC and DM w/
> samba-4.6.8)
> 
> Solution:
> 
> net cache flush, recreate the group via samba-tool, and --gid-number
> 
> before that the group had a gid of 3000013 and wasn't shown on the
> DM, even when the idmap range there was up to 9999999.

Unless you have done something strange like giving a group the
gidNumber '3000013', this is an xidNumber and isn't used anywhere
except on a DC. It is also probably one of the Well Known SIDs, so you
shouldn't remove and recreate one of these. Which leads us to the
obvious question, what was the group name ?
 
> 
> Your reported bug still sits there unnoticed, right?

Not unnoticed, just not yet resolved ;-)

Rowland
 




More information about the samba mailing list