[Samba] Different "Domain Users" GIDs created by rid backend
Leszek Szczepanowski
twinsen at mspanc.net
Wed Dec 14 12:07:49 UTC 2022
Hi,
Some more info:
[root at fs01 symptoms]# onnode all 'id "XXX\lszczepa"'
>> NODE: 10.254.94.11 <<
uid=25360(XXX\lszczepa) gid=100513(XXX\domain users) groups=100513(XXX\domain users),25360(XXX\lszczepa) [...]
>> NODE: 10.254.94.12 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain users),25360(XXX\lszczepa) [...]
>> NODE: 10.254.94.13 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain users),25360(XXX\lszczepa) [...]
>> NODE: 10.254.94.14 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain users),25360(XXX\lszczepa) [...]
>> NODE: 10.254.94.15 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain users),25360(XXX\lszczepa) [...]
>> NODE: 10.254.94.16 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain users),25360(XXX\lszczepa) [...]
But why is there a different mapping on just one node, if there is the same
smb.conf for all nodes?
[global]
clustering = yes
ctdb:registry.tdb = yes
include = registry
And the registry 'net conf list' I provided in my previous post.
Wed, 14 Dec 2022 at 12:49 Leszek Szczepanowski <twinsen at mspanc.net>
wrote:
> Hi,
>
> I was investigating why one user cannot write to the share.
> I recognized, by using temporary 777 rights on that share, that despite it
> coming as exactly the same group as mine, that is "Domain Users", the files
> are created with a different GID.
>
> drwxrwxrwx+ 2 25360 100513 4096 Dec 14 11:27 FFFF
> drwxrwxrwx+ 2 47740 10513 4096 Dec 14 12:22 TEst123
>
> First one is mine
> second one is his
>
> [root at fs01 MK]# wbinfo -U 10513
> S-1-5-21-725345543-1060284298-1708537768-513
> [root at fs01 MK]# wbinfo -U 100513
> S-1-5-21-725345543-1060284298-1708537768-513
> [root at fs01 MK]# wbinfo -Y "S-1-5-21-725345543-1060284298-1708537768-513"
> 100513
> [root at fs01 MK]# wbinfo --lookup-sids="S-1-5-21-725345543-1060284298-1708537768-513"
> S-1-5-21-725345543-1060284298-1708537768-513 -> <none>\Domain Users 2
> [root at fs01 MK]# wbinfo -n "XXX\domain users"
> S-1-5-21-725345543-1060284298-1708537768-513 SID_DOM_GROUP (2)
> [root at fs01 MK]# wbinfo -n "domain users"
> S-1-5-21-725345543-1060284298-1708537768-513 SID_DOM_GROUP (2)
> [root at fs01 MK]# wbinfo -g "Domain Users 2"
> [full output of all AD groups]
> wbinfo -g "Domain Users gfdsgfdsfdsfdsfdsa"
> [same output of all AD groups]
>
> Here smb.conf:
>
> [global]
> logging = syslog
> clustering = yes
> security = ads
> realm = XXX.REDKNEE.COM
> map acl inherit = yes
> workgroup = XXX
> kerberos method = secrets and keytab
> idmap config * : backend = tdb
> ctdb:registry.tdb = yes
> netbios name = FS
> idmap config XXX: backend = rid
> idmap config * : range = 1000-7999
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> dedicated keytab file = /etc/krb5.keytab
> log level = 3
> password server = 172.16.32.5
> idmap config XXX: range = 10000-199999
>
> [symptoms]
> read only = no
> inherit acls = yes
> guest ok = no
> browseable = yes
> path = /mnt/glusterfs/symptoms/
> create mask = 0777
> force create mode = 0777
> directory mask = 0777
> force directory mode = 0777
>
> Please note that 777 is temporary, for debugging purposes :)
>
> Please advise why that is?
> --
> Leszek A. Szczepanowski
> twinsen at mspanc.net
>
--
Leszek A. Szczepanowski
twinsen at mspanc.net
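
An added example, not part of the original post: a small Python check that parses `onnode all 'id ...'` output and flags cluster nodes whose GID for a group differs from what the rid backend formula in idmap_rid(8) (ID = RID - BASE_RID + LOW_RANGE_ID) yields. It assumes the default base_rid of 0 and the quoted range 10000-199999; the function names and the unwrapped three-node sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the `onnode all 'id "XXX\lszczepa"'` output
# in the post (three nodes, lines unwrapped, "[...]" elisions dropped).
SAMPLE = r"""
>> NODE: 10.254.94.11 <<
uid=25360(XXX\lszczepa) gid=100513(XXX\domain users) groups=100513(XXX\domain users),25360(XXX\lszczepa)
>> NODE: 10.254.94.12 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain users),25360(XXX\lszczepa)
>> NODE: 10.254.94.13 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain users),25360(XXX\lszczepa)
"""

NODE_RE = re.compile(r"^>> NODE: (\S+) <<$")
ID_RE = re.compile(r"(\d+)\(([^)]*)\)")  # matches 10513(XXX\domain users)

def rid_to_unix_id(rid, low, high, base_rid=0):
    """idmap_rid(8): ID = RID - BASE_RID + LOW_RANGE_ID; None if out of range."""
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def parse_onnode_id(text):
    """Return {node: {lowercased name: set of numeric ids}} per cluster node."""
    nodes, current = {}, None
    for line in text.splitlines():
        m = NODE_RE.match(line.strip())
        if m:
            current = nodes.setdefault(m.group(1), defaultdict(set))
        elif current is not None:
            for num, name in ID_RE.findall(line):
                current[name.lower()].add(int(num))
    return nodes

def find_divergent(nodes, name, expected):
    """Nodes where `name` maps to anything other than exactly `expected`."""
    name = name.lower()
    return {n: sorted(m[name]) for n, m in nodes.items()
            if m.get(name) != {expected}}

if __name__ == "__main__":
    # Domain Users has RID 513 (last component of the SID shown by wbinfo).
    expected = rid_to_unix_id(513, low=10000, high=199999)
    bad = find_divergent(parse_onnode_id(SAMPLE), r"XXX\domain users", expected)
    for node, ids in bad.items():
        print(f"{node}: expected gid {expected}, got {ids}")
```

Under these assumptions RID 513 maps to 10513, so the node reporting 100513 is the one whose mapping does not follow the configured range.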