[Samba] Domain member server: user access

L.P.H. van Belle belle at bazuin.nl
Tue Sep 26 06:48:12 UTC 2017 

Hai Rowland, 

Im pretty sure this is a bug in the DC part. 
I'll show. 

On the DC.
dc1:~# getent passwd winadmin
NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash

wbinfo --group-info="Domain Users"
NTDOM\domain users:x:100:

id winadmin
uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)


mem1:~$ getent passwd winadmin
winadmin:*:10000:10000:WinAdmin ICT:/home/users/windmin:/bin/bash

wbinfo --group-info="Domain Users"
domain users:x:10000:

I can say i never ever use(d) GID 100.
Now i re-checed my users and group from within windows. 

This user, winadmin, primary GID is "Domain Users" with uid 10000 so the member resolves correct.
I rechecked my group, the UnixTab show the correct "nis" domain and correct GID 10000.
I rechecked everything i could and it all shows it should be 10000. 
Only the DC output tells us its 100. 

Anyone already on 4.7 who can test this by chance? Or anyone on 4.6.7./4.6.6 who can test this also? 


Greetz, 

Louis






> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Stefan G. 
> Weichinger via samba
> Verzonden: maandag 25 september 2017 17:45
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Domain member server: user access
> 
> Am 2017-09-25 um 17:41 schrieb Rowland Penny via samba:
> > On Mon, 25 Sep 2017 17:33:55 +0200
> > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> 
> >> maybe I am still wrong but I assume I have to use
> "--gid-number=10513"
> >> when creating a user, and not "100" ?
> >>
> >> as in:
> >>
> >> # samba-tool user create User5 P#ssw5rd --nis-domain=ARBEITSGRUPPE
> >> --unix-home=/home/User5 --uid-number=10098 --login-shell=/bin/false
> >> --gid-number=10513
> > 
> > Yes
> > 
> >>
> >> Or skip that option ?
> > 
> > No, you will get an error message if you do (unless you
> also drop the
> > '--nis-domain' option as well)
> 
> ok. We will try that tmrw ... got to leave now.
> Have a nice evening everyone (at least here it is evening ...)
> 
> stefan
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list