[Samba] Permission Issue
Rowland penny
rpenny at samba.org
Thu Aug 29 08:23:59 UTC 2019
On 29/08/2019 08:16, Benedikt Kaleß via samba wrote:
> Hi,
>
> this configuration doesn't make any differenc in daily life. So perhaps
> an ID-Mapping problem?
>
> an ldbsearch --url=/var/lib/samba/private/sam.ldb
>
> shows
>
> dn: CN=Team IT and facilities,OU=HO,OU=example,DC=com,DC=de
> objectClass: top
> objectClass: group
> cn: Team
> instanceType: 4
> whenCreated: 20180731103742.0Z
> uSNCreated: 3631
> name: Team
> objectGUID: 7a27f859-97dc-4cf8-b4b1-c7b7cfe0f585
> objectSid: S-1-5-21-1996849273-3222042488-349429296-101163
> sAMAccountName: Team
> sAMAccountType: 268435456
> groupType: -2147483646
> objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
> whenChanged: 20190723103748.0Z
> uSNChanged: 39294
> member::
> Q049QmVuZWRpa3QgS2FsZcOfLE9VPVRlYW0gSVQgJiBGYWNpbGl0eSBNYW5hZ2VtZW50L
> E9VPUV4ZWN1dGl2ZSBCb2FyZCBGaW5hbmNlXCwgSFJcLCBBZG1pbmlzdHJhdGlvbixPVT1ITyxPVT
> 1aRkQsREM9emZkLERDPWZvcnVtemZkLERDPWRl
> member: CN=Testuser,OU=IRK,OU=ZFD,DC=zfd,DC=forumzfd,DC=de
> distinguishedName: CN=Team,OU=HO,OU=,Example,DC=com,D
> C=de
That doesn't look right at all, the 'cn', 'name', 'sAMAccountName' &
'distinguishedName' should be 'Team IT and facilities' and before
anybody asks, the base64 encoded 'member' is encoded for a reason.
> So, I assume that the uid on the ctdb and a standalone fileserver has to
> be 101163, right?
>
> The ctdb shows the uid 103150, the fileserver 102150
No 'uid' would be 'Team IT and facilities', but the gidNumber doesn't
have to be the same everywhere, unless you are using the winbind 'ad'
backend. However, if you are using the winbind 'rid' backend, I would
expect the group ID to end with the same numbers, in this case '163', as
it is calculated from the RID.
Rowland
More information about the samba
mailing list