[Samba] User cannot access member server share by name, only by IP

Luke Barone lukebarone at gmail.com
Fri Dec 2 21:05:47 UTC 2022 

So here's what they look like (from the file server):

root at fs1.edge:~# getent group Staff
staff:x:70012:
root at fs1.edge:~# getent group Sta22
sta22:x:102103:

1. Yes, I've run 'net cache flush' a few times. It seems to bounce the user
or group IDs between the two sets of numbers (70_000 range to 100_000 range)
2. Through a script:
samba-tool user create $un $pw \
        --userou="OU=Staff_Users,OU=Users" \
        --must-change-at-next-login \
        --given-name=$fn \
        --surname=$ln \
        --home-directory=\\\\fs1.${domain,,}.EXAMPLE.ca\\Users\\$un \
        --home-drive=H
3. Before today, running `samba-tool group add Staff`. The groups were made
a few years ago.
4. Before, as part of the script, these users were added with `samba-tool
group addmembers Staff $un`. Starting today, when I created Staff2, I added
it with the RSAT tools, and added the members there.

On Fri, Dec 2, 2022 at 1:01 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 02/12/2022 20:41, Luke Barone via samba wrote:
> > So here's the sad part (for me): some users are showing up still in the
> > 70_000-range, which they should not be. Is there a way to get all the
> user
> > ID numbers from the member server's point of view, then re-assign them to
> > be in the 100_000 range?
> >
>
> There is something strange going on here. If you use the idmap 'rid'
> backend, the DOMAIN ID's are supposed to be calculated from the RID with
> this calculation:
>
> ID = RID + LOW_RANGE_ID
>
>  From what you posted earlier, this becomes:
>
> ID = RID + 100000
>
> As '70,000' is less than 100,000 , there should be no way that your
> users and groups are getting such low numbers.
>
> All you DOMAIN users and groups should have Unix ID's starting from
> 101000 , normal user & group RIDs start from '1000'
>
> Also from what you posted earlier, I am willing to bet that the group
> 'staff' has the RID '1109'.
>
> Have you run 'net cache flush' ?
>
> How are you creating users ?
>
> How are you creating groups ?
>
> How are you adding users to a group ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list