[Samba] Change in behaviour for the "%U" substitution in 4.10.8?

[gac]

I imagine the numeric UID is my old boss who left the company a few years ago, and by this point his account has been removed, not just disabled. The only thing contained by the DOMAIN directory is a home directory for each user, which is owned by them. So I don't _think_ this is the problem.

The command you suggested returns:

winbind_lookup_rids failed: WBC_ERR_DOMAIN_NOT_FOUND

The ACLs are to allow --x access for the 'www-data' into users home directories for use with Apache+mod_userdir, and then r-x access for their www directory

6 Sep 2019, 10:52 by samba at lists.samba.org:

> On 06/09/2019 10:34, gac wrote:
>
>> No problem - https://pastebin.com/G8pa3bdE
>>
> Please just post things like this in line ;-)
>
> root at server:/var/log/samba# ls -lad /shares
> drwxr-xr-x 9 root root 4096 Jan 16  2019 /shares #
>
> Owner:Group is root:root, but anybody can enter
>
> root at server:/var/log/samba# ls -lad /shares/DOMAIN
> drwxr-xr-x+ 16 1106001204 employees 4096 Sep  6 09:43 /shares/DOMAIN
>
> Why a number and not a username ? only the number can write, but anybody can enter and read
>
> But there are ACLs set, so what does 'getfacl /shares/DOMAIN' return ?
>
> root at server:/var/log/samba# ls -lad /shares/DOMAIN/username
> drwxr-x---+ 32 username domain users 4096 Sep  6 08:34 /shares/DOMAIN/username
>
> Only the user has full access, but Domain Users can enter and read, access from anyone else is denied
>
> But there are ACLs set, so what does 'getfacl /shares/DOMAIN/username' return ?
>
> I think your problem has a lot to do with '1106001204' not being resolved to a name, so who is it ?
>
> Can you check with 'wbinfo -R 1204'
>
> Rowland
>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>