[Samba] suddenly change: idmap uid + gid

[Liste]

Am 03.11.2019 um 09:42 schrieb Rowland penny via samba <samba at lists.samba.org>:
> 
> On 02/11/2019 23:18, Hilberg via samba wrote:
>> Hi
>> 
>> The server suddenly changed the uid + gid. this happened to times, yesterday and the week after. The default group at example
>> The samba is a AD member where we have many users (>20 000) and we use autorid in that way
>> [global]
>>   security = ads
>>   workgroup = CUSTOMER
>>   realm = CUSTOMER.COM
>>   winbind use default domain = yes
>>   winbind enum users = yes
>>   winbind enum group = yes
>>   idmap config * : backend = autorid
>>   idmap config * : range = 1000000-8999999999
>> 
>> OS debian 10
>> DC Microsoft
>> 
>> At the moment I have two questions:
>> Why this happened and is there a way to stop the disaster?
>> Is there a quick way to repair the disaster? I infects the profile directory used with acl.
>> 
>> thank you
>> 
> Please do not post things like this to the samba-technical list.
> 
> As I said, you cannot use 'winbind use default domain = yes' with 'autorid', it makes all users and groups members of the same domain, this is probably what has happened here.
> 
> Remove the line, this should stop it happening again
> 
> If you have only one domain, then you shouldn't be using autorid, you should be using rid instead, unfortunately it is probably too late now.

I have 4 trusted domains 
Builtin
Hostname of Samba Servern 
Costumer
costumerxy

Custumer is the only primary 
> 
> As to how you fix your permissions, I fear this will have to be done manually, you will have to identify which folder or file belongs to which user/group.
> 
> Samba does not create Unix IDs on Unix domain members, it either uses rfc2307 attributes stored in AD (if using the winbind 'ad' backend) or it calculates the ID from the AD objects SID
> 
> Rowland
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba