[Samba] moved DM config to new server : gids different etc

Tue Nov 26 16:28:08 UTC 2019

Am 26.11.19 um 17:15 schrieb Rowland penny via samba:
> On 26/11/2019 16:00, Stefan G. Weichinger via samba wrote:
>> Last week the mobo in a DM server died, so we had to set up a fallback
>> machine and reinstall Debian 10.2 including Samba
>>
>> I had smb.conf but not /var/lib/samba in backups.
>>
>> Restored krb5.conf and smb.conf, rejoined.
>>
>> Things work mostly ...
>>
>> but for example I get gid 10006 for "domain users" instead of 10513
>> before.
>>
>> and getent group doesn't show the AD groups, btw
> 
> This is very strange, just about the only thing I would really change in
> your smb.conf is to remove these lines:
> 
> unix extensions = no
> follow symlinks= yes
> wide links= yes

old parameters, defensive ... yes

> And they cannot have anything to do with your problem.
> 
> The ID for Domain Users (when using the 'rid' backend) is calculated
> from this:
> 
> ID = RID + LOW_RANGE_ID
> 
> The RID for Domain Users is always '513' and your domain low range is
> '10000', so it becomes:
> 
> ID = 513 + 10000
> 
> So 'ID' == 10513

Yes, thanks.

I maybe messed up something myself.

Right now when I run "chgrp -R 10513 somefolder" it gets shown as

drwxrwx---+   4 administrator dom�nen-benutzer  4096 Nov 21 12:14 somefolder

which is good.

(I dislike the fact that the german "domänen-benutzer" has an Umlaut in
it ... problematic with some commands)

I run some larger chgrp-command now to get these folders accessible again.

# getent group | grep -i utzer

does show nothing, though, I always forget if that has worked or not,
and why ...

> What packages have you installed to get Samba working on your new server ?

I can't tell exactly anymore, basically stuff like what Louis recommends at

https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-3.2-samba-member-fileserver.txt

# apt-get install samba winbind acl libnss-winbind libpam-winbind  ntp
krb5-user  smbclient samba-vfs-modules samba-dsdb-modules
Reading package lists... Done
Building dependency tree
Reading state information... Done
acl is already the newest version (2.2.53-4).
krb5-user is already the newest version (1.17-3).
ntp is already the newest version (1:4.2.8p12+dfsg-4).
libnss-winbind is already the newest version (2:4.10.10+dfsg-0.1~buster~1).
libpam-winbind is already the newest version (2:4.10.10+dfsg-0.1~buster~1).
samba is already the newest version (2:4.10.10+dfsg-0.1~buster~1).
samba-dsdb-modules is already the newest version
(2:4.10.10+dfsg-0.1~buster~1).
samba-vfs-modules is already the newest version
(2:4.10.10+dfsg-0.1~buster~1).
smbclient is already the newest version (2:4.10.10+dfsg-0.1~buster~1).
winbind is already the newest version (2:4.10.10+dfsg-0.1~buster~1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.