[Samba] suddenly change: idmap uid + gid
Rowland penny
rpenny at samba.org
Sun Nov 3 08:39:42 UTC 2019
On 02/11/2019 23:18, Hilberg via samba wrote:
> Hi
>
> The server suddenly changed the uid + gid. this happened to times,
> yesterday and the week after. The default group at example
> The samba is a AD member where we have many users (>20 000) and we use
> autorid in that way
> [global]
> security = ads
> workgroup = CUSTOMER
> realm = CUSTOMER.COM
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum group = yes
> idmap config * : backend = autorid
> idmap config * : range = 1000000-8999999999
>
> OS debian 10
> DC Microsoft
>
> At the moment I have two questions:
> Why this happened and is there a way to stop the disaster?
> Is there a quick way to repair the disaster? I infects the profile
> directory used with acl.
>
> thank you
>
Please do not post things like this to the samba-technical list.
As I said, you cannot use 'winbind use default domain = yes' with
'autorid', it makes all users and groups members of the same domain,
this is probably what has happened here.
Remove the line, this should stop it happening again
If you have only one domain, then you shouldn't be using autorid, you
should be using rid instead, unfortunately it is probably too late now.
As to how you fix your permissions, I fear this will have to be done
manually, you will have to identify which folder or file belongs to
which user/group.
Samba does not create Unix IDs on Unix domain members, it either uses
rfc2307 attributes stored in AD (if using the winbind 'ad' backend) or
it calculates the ID from the AD objects SID
Rowland
More information about the samba
mailing list