[Samba] urgent problem with samba 4.13 and chown/chgrp

Jason Keltz jas at eecs.yorku.ca
Thu Feb 11 10:48:33 UTC 2021 

Hi Louis,
The 'jas' user was already in AD user so the range was correct. 
The problem was nfs-idmap daemon on the server needed a restart.
On the other hand, do you have experience with  how long you wait for a user  added to a new AD group to be able to use that group in an nfs chgrp operation ? and do you have any specific winbind setting related to this? Changing cache time doesn't seem to shorten the time.

Jason

On Feb. 11, 2021, 4:48 a.m., at 4:48 a.m., "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>Besides your problem. 
>
>>>> idmap config EECSYORKUCA : range = 1000-999999 
>
>now, ONLY if you didnt create a first user on linux, your ok here. 
>normaly we do recommend to use/start higher. 
>
>You should now use overlapping ID's. 
>
>see also : 
>cat /etc/addusers.conf 
>
>start there, at least verify you dont have any users in the assigned
>range for samba
>
>
>
>Greetz, 
>
>Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Jason Keltz
>via
>> samba
>> Verzonden: woensdag 10 februari 2021 21:50
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] urgent problem with samba 4.13 and chown/chgrp
>> 
>> I'm trying to use chown/chgrp commands on files on NFS storage.
>> 
>> Take a file "l" that I touched:
>> 
>> -rw------- 1 jas tech 0 Feb 10 15:21 l
>> 
>> (note that user and group mapping is working perfectly)
>> 
>> % chgrp core l
>> chgrp: changing group of ?l?: Invalid argument
>> 
>> The problem is not the group:
>> 
>> % getent group core
>> core:x:1001:
>> 
>> % wbinfo -n 'core'
>> S-1-5-21-1981678738-1545235886-4256466701-6765 SID_DOM_GROUP (2)
>> 
>> % wbinfo -Y 'S-1-5-21-1981678738-1545235886-4256466701-6765'
>> 1001
>> 
>> The problem is not the user:
>> 
>> % getent passwd jas
>> 
>> jas:*:1004:1000::/cs/home/jas:/cs/local/bin/tcsh
>> 
>> When looking at an strace of the chgrp above, I see this odd call:
>> 
>> fchownat(AT_FDCWD, "l", -1, 1001, 0) = -1 EINVAL (Invalid argument)
>> 
>> Where the third argument should be my uid 1004 and is instead -1.
>> 
>> In smb.conf:
>> 
>> idmap config * : backend = tdb
>> idmap config * : range = 1000000-1999999
>> 
>> # idmap config for the EECSYORKUCA domain
>> # range should match UNIX ID in AD
>> 
>> idmap config EECSYORKUCA : backend = ad
>> idmap config EECSYORKUCA : schema_mode = rfc2307
>> idmap config EECSYORKUCA : range = 1000-999999
>> idmap config EECSYORKUCA : unix_primary_group = yes
>> idmap config EECSYORKUCA : unix_nss_info = yes
>> 
>> Yes, and in /etc/nsswitch.conf:
>> 
>> passwd:     files winbind
>> shadow:     files
>> group:      files winbind
>> 
>> As a side note, if I try to change the ownership of the file, I get a
>> similar behaviour.
>> 
>> This is a showstopper if I can't get this figured out. :( panic
>setting
>> in....
>> 
>> (I'm positive I used chown/chgrp with 4.11 successfully.)
>> 
>> Jason.
>> 
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list