[Samba] Avoiding uid conflicts between rfc2307 user/groups and computers
Marco Gaiarin
gaio at sv.lnf.it
Wed Jan 24 11:17:39 UTC 2018
Ok, i've got some tome to do some tests.
> > I couldn't get backend: ad to work for
> > machine accounts, so i switched to idmap: rid and it solved everything. I
> > tried manually adding UID and GID to Domain Computer group and to machine
> > accounts, but it didn't seem to work properly, so I gave up especially that
> > RID was perfectly fine.
> Ok. I trust you, but i think i'll do some tests by myself, and
> eventually report here and, i think, i'll fire up a bug also... because
> seems really a bug to me...
Samba 4.5, AD backend, GID assigned to 'Domain Computers' and UID
assigned to a test machine account (windows 7 pro woks named 'kain').
I'm configuring WPKG, that run in SYSTEM context, and simply looking at
smbstatus:
root at vdmsv1:/srv/samba/wpkg# smbstatus
Samba version 4.5.12-Debian
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
9859 gaio domain users 10.5.1.34 (ipv4:10.5.1.34:64747) SMB2_10 - -
9946 gaio domain users 10.5.1.34 (ipv4:10.5.1.34:51900) SMB2_10 - -
9894 gaio domain users 10.5.1.34 (ipv4:10.5.1.34:64768) SMB2_10 - -
9945 gaio domain users 10.5.1.34 (ipv4:10.5.1.34:51899) SMB2_10 - -
9947 kain$ domain computers 10.5.1.34 (ipv4:10.5.1.34:51901) SMB2_10 - -
Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
users 9859 10.5.1.34 mer gen 24 11:58:32 2018 CET - -
Work 9894 10.5.1.34 mer gen 24 11:58:37 2018 CET - -
wpkg 9945 10.5.1.34 mer gen 24 12:09:55 2018 CET - -
wpkg 9947 10.5.1.34 mer gen 24 12:09:56 2018 CET - -
wpkg 9946 10.5.1.34 mer gen 24 12:09:55 2018 CET - -
Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
9947 11508 DENY_WRITE 0x120089 RDONLY LEASE(RWH) /srv/samba/wpkg packages/sqlite.xml Wed Jan 24 12:09:58 2018
9947 11508 DENY_WRITE 0x120089 RDONLY LEASE(RWH) /srv/samba/wpkg packages/odfaddin.xml Wed Jan 24 12:09:58 2018
9947 11508 DENY_WRITE 0x120089 RDONLY LEASE(RWH) /srv/samba/wpkg packages.xml Wed Jan 24 12:09:58 2018
9947 11508 DENY_WRITE 0x120089 RDONLY LEASE(RWH) /srv/samba/wpkg packages/jclic.xml Wed Jan 24 12:09:58 2018
9947 11508 DENY_WRITE 0x120089 RDONLY LEASE(RWH) /srv/samba/wpkg packages/wviola.xml Wed Jan 24 12:09:58 2018
9947 11508 DENY_WRITE 0x120089 RDONLY LEASE(RWH) /srv/samba/wpkg packages/workrave.xml Wed Jan 24 12:09:58 2018
9947 11508 DENY_WRITE 0x120089 RDONLY LEASE(RWH) /srv/samba/wpkg packages/kb979682.xml Wed Jan 24 12:09:58 2018
[...]
Eg, i've accessed the share with user 'kain$'.
There's something more that i can test, or there's something that can
have fooled me?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list