[Samba] Samba user profiles file ownership
James B. Byrne
byrnejb at harte-lyne.ca
Thu Aug 13 13:54:56 UTC 2020
FreeBSD-12.1p7
Samba-4.10.15
The user profiles were transferred from the existing Samba AD-DC to a new
domain running on Samba-4.10. An ls on the original Samba (4.3.13) domain DC
shows this:
[root@SAMBA-01 ~]# ls -ld /var/samba4/BROCKLEY-2016/PROFILES/lyneak_hll.V2
drwxrwx---+ 16 BROCKLEY-2016\lyneak_hll BROCKLEY-2016\domain admins 512 Aug 12 17:07 /var/samba4/BROCKLEY-2016/PROFILES/lyneak_hll.V2
[root@SAMBA-01 ~]# ls -ldn /var/samba4/BROCKLEY-2016/PROFILES/lyneak_hll.V2
drwxrwx---+ 16 3000025 3000008 512 Aug 12 17:07 /var/samba4/BROCKLEY-2016/PROFILES/lyneak_hll.V2
On the new domain ls shows this:
ls -ld /var/samba4/BROCKLEY/PROFILES/lyneak_hll.V2
drwxrwx--- 16 3000025 3000008 25 Jul 24 17:24 /var/samba4/BROCKLEY/PROFILES/lyneak_hll.V2
But on the new domain controller ls shows this:
ls -ld /var/samba4/BROCKLEY/PROFILES/lyneak_hll.V2
drwxrwx--- 16 3000025 3000008 25 Jul 24 17:24 /var/samba4/BROCKLEY/PROFILES/lyneak_hll.V2
This is expected as the uid/gid mapping from one installation to another is not
expected to match. However, when I log on to the new domain from a Win10
workstation this is created:
d---------+ 18 3000027 3000008 27 Aug 12 15:29 /var/samba4/BROCKLEY/PROFILES/lyneak_hll.V6
Which leads to a few questions:
1. What configuration is required on the new DC to show uid 3000027 as
BROCKLEY\lyneak_hll or has this changed in later versions of Samba?
2. GID 3000008 appears to be BROCKLEY-2016\domain admins on both domains. But
does not display as such on the new domain. What configuration setting is
required to get the group to display using ls?
3. On the existing domain the gid on user profiles seems to be 20 (staff). On
the new domain profiles are created with the gid 3000008. However, gid 20
(staff) exists in /etc/group on both DCs. Why the difference? Is this due to
a configuration setting?
The smb.conf file on the new DC is:
[root@smb4-2 ~ (master)]# cat /usr/local/etc/smb4.conf
## Global parameters
[global]
netbios name = SMB4-2
disable netbios = yes
realm = BROCKLEY.HARTE-LYNE.CA
server role = active directory domain controller
## use 'samba-tool testparm -v | grep services' to list active services
workgroup = BROCKLEY
idmap_ldb:use rfc2307 = yes
vfs objects = dfs_samba4 zfsacl
## Temp fix for roaming profiles? oplock
# veto oplock files = /NTUSER.DAT/
# veto oplock files = /ntuser.ini/
socket options = TCP_NODELAY SO_KEEPALIVE
## nbt causes a fatal startup error (or use disable netbios = yes)
# server services = -nbt
## Eliminate ipv6 errors
bind interfaces only = Yes
interfaces = localhost smb4-2
## DNS
dns forwarder = 216.185.71.33 216.185.71.34
#additional dns hostnames = smb4-2.brockley.harte-lyne.ca
## Note diff: sbin vs. bin and _ vs. - and dns vs. ns
dns update command = /usr/local/sbin/samba_dnsupdate
## samba_dnsupdate insists on finding rndc
rndc command = /usr/bin/true
## For secure dns dynamic updates use these (but secure does not work):
# 1 nsupdate command = /usr/local/bin/samba-nsupdate -g
# 1 allow dns updates = secure only
## For insecure dynamic updates use these settings:
nsupdate command = /usr/local/bin/samba-nsupdate
allow dns updates = nonsecure
## Logging
log level = 1
# log file = /var/log/samba4/smbd.log.%m
log file = /var/log/samba4/smbd.log
max log size = 10000
debug timestamp = yes
# Disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
## Shares
[sysvol]
path = /var/db/samba4/sysvol
read only = No
[netlogon]
path = /var/db/samba4/sysvol/brockley.harte-lyne.ca/scripts
read only = No
[PROFILES]
comment = Users profiles
path = /var/samba4/BROCKLEY/PROFILES/
browseable = No
read only = No
force create mode = 0600
force directory mode = 0700
csc policy = disable
store dos attributes = yes
vfs objects = dfs_samba4 zfsacl
[USERS]
comment = Users folder redirection
path = /var/samba4/BROCKLEY/USERS/
browseable = No
read only = No
force create mode = 0600
force directory mode = 0700
csc policy = disable
store dos attributes = yes
vfs objects = dfs_samba4 zfsacl
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3