[Samba] Domain Users group with multiple gid
Rowland Penny
rpenny at samba.org
Sun Apr 8 12:51:25 UTC 2018
On Sun, 8 Apr 2018 13:22:28 +0100
Clemente Aguiar via samba <samba at lists.samba.org> wrote:
> The samba was created by Zentyal system (http://www.zentyal.org).
>
> Here is smb.conf:
>
> [global]
> workgroup = arditi
> realm = ARDITI.PT
> netbios name = hera
> server string = Zentyal Server
> server role = dc
> server role check:inhibit = yes
> server services = -dns
> server signing = auto
> dsdb:schema update allowed = yes
> ldap server require strong auth = no
> drs:max object sync = 1200
>
> idmap_ldb:use rfc2307 = yes
>
> winbind enum users = yes
> winbind enum groups = yes
> template shell = /bin/bash
> template homedir = /home/%U
>
> interfaces = lo,eth0
> bind interfaces only = yes
>
> map to guest = Bad User
>
> log level = 3
> log file = /var/log/samba/samba.log
> max log size = 100000
>
> include = /etc/samba/shares.conf
>
> [netlogon]
> path = /var/lib/samba/sysvol/arditi.pt/scripts
> browseable = no
> read only = yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = no
It is running as an AD DC and the IDs you showed are not in the
'3000000' range, so this means one of two things, either idmap.ldb has
been messed with (not recommended) or the users and groups have been
given uidNumber and gidNumber attributes (with very low numbers, again
not recommended).
I think it is more likely to be the later and if so, there is a bug for
this: https://bugzilla.samba.org/show_bug.cgi?id=13054#
Rowland
More information about the samba
mailing list