[Samba] moved DM config to new server : gids different etc
Rowland penny
rpenny at samba.org
Tue Nov 26 16:37:47 UTC 2019
On 26/11/2019 16:28, Stefan G. Weichinger via samba wrote:
> Am 26.11.19 um 17:15 schrieb Rowland penny via samba:
>> On 26/11/2019 16:00, Stefan G. Weichinger via samba wrote:
>>> Last week the mobo in a DM server died, so we had to set up a fallback
>>> machine and reinstall Debian 10.2 including Samba
>>>
>>> I had smb.conf but not /var/lib/samba in backups.
>>>
>>> Restored krb5.conf and smb.conf, rejoined.
>>>
>>> Things work mostly ...
>>>
>>> but for example I get gid 10006 for "domain users" instead of 10513
>>> before.
>>>
>>> and getent group doesn't show the AD groups, btw
>> This is very strange, just about the only thing I would really change in
>> your smb.conf is to remove these lines:
>>
>> unix extensions = no
>> follow symlinks= yes
>> wide links= yes
> old parameters, defensive ... yes
>
>> And they cannot have anything to do with your problem.
>>
>> The ID for Domain Users (when using the 'rid' backend) is calculated
>> from this:
>>
>> ID = RID + LOW_RANGE_ID
>>
>> The RID for Domain Users is always '513' and your domain low range is
>> '10000', so it becomes:
>>
>> ID = 513 + 10000
>>
>> So 'ID' == 10513
> Yes, thanks.
>
> I maybe messed up something myself.
>
> Right now when I run "chgrp -R 10513 somefolder" it gets shown as
>
> drwxrwx---+ 4 administrator dom�nen-benutzer 4096 Nov 21 12:14 somefolder
>
> which is good.
>
> (I dislike the fact that the german "domänen-benutzer" has an Umlaut in
> it ... problematic with some commands)
>
> I run some larger chgrp-command now to get these folders accessible again.
>
>
> # getent group | grep -i utzer
>
> does show nothing, though, I always forget if that has worked or not,
> and why ...
How about 'getent group Domain\ Users' ?
Rowland
More information about the samba
mailing list