[Samba] Different "Domain Users" GIDs created by rid backend

Leszek Szczepanowski twinsen at mspanc.net
Wed Dec 14 12:07:49 UTC 2022 

Hi,

Some more info:

[root at fs01 symptoms]# onnode all 'id "XXX\lszczepa"'

>> NODE: 10.254.94.11 <<
uid=25360(XXX\lszczepa) gid=100513(XXX\domain users)
groups=100513(XXX\domain users),25360(XXX\lszczepa) [...]

>> NODE: 10.254.94.12 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain
users),25360(XXX\lszczepa) [...]

>> NODE: 10.254.94.13 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain
users),25360(XXX\lszczepa) [...]

>> NODE: 10.254.94.14 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain
users),25360(XXX\lszczepa) [...]

>> NODE: 10.254.94.15 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain
users),25360(XXX\lszczepa) [...]

>> NODE: 10.254.94.16 <<
uid=25360(XXX\lszczepa) gid=10513(XXX\domain users) groups=10513(XXX\domain
users),25360(XXX\lszczepa) [...]

But why just on one node, there is different mapping, if there is the same
smb.conf for all nodes?

[global]
       clustering = yes
       ctdb:registry.tdb = yes
       include = registry

And the registry 'net conf list' I provided in my previous post.

śr., 14 gru 2022 o 12:49 Leszek Szczepanowski <twinsen at mspanc.net>
napisał(a):

> Hi,
>
> I was investigating why one user cannot write to the share.
> I recognized by using temporary 777 rights on that share, that despite it
> coming as exactly the same group as mine that is "Domain Users", the files
> are created with different GID.
>
> drwxrwxrwx+  2 25360 100513 4096 Dec 14 11:27 FFFF
> drwxrwxrwx+  2 47740  10513 4096 Dec 14 12:22 TEst123
>
> First one is mine
> second one is his
>
> [root at fs01 MK]# wbinfo -U 10513
> S-1-5-21-725345543-1060284298-1708537768-513
> [root at fs01 MK]# wbinfo -U 100513
> S-1-5-21-725345543-1060284298-1708537768-513
> [root at fs01 MK]# wbinfo -Y "S-1-5-21-725345543-1060284298-1708537768-513"
> 100513
> [root at fs01 MK]# wbinfo
> --lookup-sids="S-1-5-21-725345543-1060284298-1708537768-513"
> S-1-5-21-725345543-1060284298-1708537768-513 -> <none>\Domain Users 2
> [root at fs01 MK]# wbinfo -n "XXX\domain users"
> S-1-5-21-725345543-1060284298-1708537768-513 SID_DOM_GROUP (2)
> [root at fs01 MK]# wbinfo -n "domain users"
> S-1-5-21-725345543-1060284298-1708537768-513 SID_DOM_GROUP (2)
> [root at fs01 MK]# wbinfo -g "Domain Users 2"
> [full output of all AD groups]
> wbinfo -g "Domain Users gfdsgfdsfdsfdsfdsa"
> [same output of all AD groups"
>
>  Here smb.conf:
>
> [global]
>         logging = syslog
>         clustering = yes
>         security = ads
>         realm = XXX.REDKNEE.COM
>         map acl inherit = yes
>         workgroup = XXX
>         kerberos method = secrets and keytab
>         idmap config * : backend = tdb
>         ctdb:registry.tdb = yes
>         netbios name = FS
>         idmap config XXX: backend = rid
>         idmap config * : range = 1000-7999
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind refresh tickets = yes
>         dedicated keytab file = /etc/krb5.keytab
>         log level = 3
>         password server = 172.16.32.5
>         idmap config XXX: range = 10000-199999
>
> [symptoms]
>         read only = no
>         inherit acls = yes
>         guest ok = no
>         browseable = yes
>         path = /mnt/glusterfs/symptoms/
>         create mask = 0777
>         force create mode = 0777
>         directory mask = 0777
>         force directory mode = 0777
>
> Please note that 777 is temporary, for debugging purposes :)
>
> Please advice why is that?
> --
> Leszek A. Szczepanowski
> twinsen at mspanc.net
>


-- 
-- 
Leszek A. Szczepanowski
twinsen at mspanc.net

More information about the samba mailing list