[Samba] samba 4 joining samba 3 pdc - group mismatch

Thu May 3 19:04:59 UTC 2018

On Thu, 3 May 2018 15:55:47 -0300
"Ethy H. Brito" <ethy.brito at inexo.com.br> wrote:

> On Thu, 3 May 2018 19:18:45 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> > On Thu, 3 May 2018 14:59:18 -0300
> > "Ethy H. Brito via samba" <samba at lists.samba.org> wrote:
> > 
> > > I run the pdbedit command.
> > > I got a lage amount of users (and groups). 
> > > The admin of the S3 server deleted (userdel) 75 users and these
> > > are still listed by pdbedit. How do I get rid os them??
> > > 
> > > I think you may be mistaken (or I did not fully understood your
> > > affirmation). These "no such user" users were deleted from Linux
> > > with "userdel -r"  and are ghosts in Samba.
> > > I just tried to remove them (smbpasswd -x) them but got "Failed to
> > > delete entry for user XXXX"
> > > How do I get rid of these ghosts?  
> > 
> > The OS stores users in /etc/passwd and userdel removes these, but
> > there are also Samba users and you need to run 'smbpasswd -x
> > username' to remove these.
> 
> You may missed my comment above. I did try 'smbpasswd -x <USERNAME>'.
> I get "Failed to delete entry for user <USERNAME>".
> 
> > 
> > > > what is your rsync command ?  
> > > 
> > > for i in D1 D2 D3 D4 ; do 
> > >         echo
> > >         echo "SYNC'ing $i";
> > >         echo
> > >         /usr/bin/rsync -av S3:/var/samba/$i /home; 
> > > done
> > > 
> > >   
> > > > I ask this because if I rsync a file from my pc (rowland,
> > > > 10000, ad backend) to a another pc (rowland, 11107, rid
> > > > backend), ls -la shows the owner as 'rowland'  
> > > 
> > > Maybe you mounted the remote server locally. Didn't you?  
> > 
> > My rsync command was much the same as yours (just added 'z') and I
> > didn't mount anything, which leads to the next question, are you
> > mounting anything ?
> 
> Not at all.
> 
> But I have to apologize thousand times to you.
> I did not check the files rsync copied *after* the modifications you
> said.
> 
> While we where talking, rsync copied the files at least twice and
> corrected the whole thing. The files and directories permissions and
> ownership are ok. I can now list them with correct names.
> 
> Sorry for the noise.
> 
> So! What is not working?
> 
> jgarcia user is a member of UNIX group G1 at S3. 
> 
> S3# grep "G1.*jgarcia" /etc/group
> G1:x:1119:jgarcia
> 
> I have this share at S4:
> 
> [snapshots]
>    comment = snapshots
>    path = /var/snapshots
>    browseable = no
>    read only = yes
>    valid users = @G1
> 
> jgarcia is given NT_STATUS_ACCESS_DENIED.
> If I change "valid users" to "@G1 jgarcia" *or* create a (local to
> S4) G1 group the logs in.
> 
> How to debug this error?
> 
It isn't actually an error, the group 'G1' is a local group and as such
is unknown to S4. You will need to create a group in samba on S3, map
this to 'G1'. The mapped group should then become usable on S4.

Rowland