[Samba] messed up group ids
Peter Carlson
peter at howudodat.com
Mon Oct 17 03:25:40 UTC 2022
I have a setup with about a dozen Windows machines and 4 Ubuntu servers.
Their names are fairly obvious:
NC1 is the domain controller, filesvr is a file server joined to the
domain, xrdp is an RDP server also joined to the domain that mounts the
file server shares, and middleware is a non-joined standalone server at
the moment.
I seem to have something wrong in my group SIDs:
root@filesvr:/data# ls -l BinaryData/
drwxr-xr-x 2 SDCP\peter 2000513 4096 Sep 30 15:45 2010
root@filesvr:/data# ls -l Ca****nt-Accounting/
-rwxrwx---+ 1 SDCP\peter SDCP\accounting 105984 May 16 2011 05.15.11.xls
On the file server I get errors on login:
groups: cannot find name for group ID 2000513
groups: cannot find name for group ID 2000512
and it can't find all the groups, while the RDP server can:
SDCP\peter@filesvr:~$ id
uid=2001110(SDCP\peter) gid=2000513 groups=2000513,10000(BUILTIN\administrators),10001(BUILTIN\users),2000512,2000572(SDCP\denied rodc password replication group),2001110(SDCP\peter),2001118(SDCP\linux admins),2001136(SDCP\remotedesktop)
SDCP\peter@xrdp:~$ id
uid=2001110(SDCP\peter) gid=2000513(SDCP\domain users) groups=2000513(SDCP\domain users),2000512(SDCP\domain admins),2000572(SDCP\denied rodc password replication group),2001110(SDCP\peter),2001118(SDCP\linux admins),2001136(SDCP\remotedesktop)
---------------------------------- DC ----------------------------------
# Global parameters
[global]
netbios name = NC1
realm = SA****NT.LOCAL
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = SDCP
idmap_ldb:use rfc2307 = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/sa****nt.local/scripts
read only = No
---------------------------------- xRDP ----------------------------------
xRDP Server - not a file server, smbd is not running
[global]
server role = standalone server
template homedir = /home/%U@%D
template shell = /bin/bash
usershare allow guests = yes
kerberos method = secrets and keytab
realm = SA****NT.LOCAL
workgroup = SDCP
security = ads
idmap config SDCP : range = 2000000-2999999
idmap config SDCP : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
winbind use default domain = no
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum groups = no
winbind enum users = no
---------------------------------- File Server ----------------------------------
[global]
server role = standalone server
template homedir = /home/%U@%D
template shell = /bin/bash
usershare allow guests = yes
kerberos method = secrets and keytab
realm = SA****NT.LOCAL
workgroup = SDCP
security = ads
idmap config SDCP : range = 2000000-2999999
idmap config SDCP : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
winbind use default domain = no
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum groups = no
winbind enum users = no
vfs objects = acl_xattr
map acl inherit = yes
#======================= Share Definitions =======================
[BinaryData]
path = /data/BinaryData
comment = Store for DB and Middleware
writable = yes
[Ca****nt-Accounting]
path = /data/Ca****nt-Accounting
comment = Accounting Files
writable = yes
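
An added example, not part of the original post: a short Python check that picks out the group IDs `id` prints without a name and inverts the idmap_rid mapping (ID = RID - BASE_RID + LOW_RANGE_ID) to show which domain RIDs they correspond to. It assumes base_rid is at its default of 0; the function names and the embedded sample string are constructed here from the output quoted above.

```python
import re

# Range from the posted "idmap config SDCP : range" line; base_rid is the
# idmap_rid default of 0 (an assumption, since the post does not set it).
SDCP_RANGE = (2000000, 2999999)
BASE_RID = 0

# Well-known domain-relative RIDs (fixed by Windows, not taken from the post).
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users"}

# Constructed sample: the filesvr `id` output quoted in the post, on one line.
FILESVR_ID = (
    r"uid=2001110(SDCP\peter) gid=2000513 "
    r"groups=2000513,10000(BUILTIN\administrators),10001(BUILTIN\users),"
    r"2000512,2000572(SDCP\denied rodc password replication group),"
    r"2001110(SDCP\peter),2001118(SDCP\linux admins),2001136(SDCP\remotedesktop)"
)

def parse_groups(id_output):
    """Return [(gid, name_or_None), ...] from the groups= field of `id`."""
    field = id_output.split("groups=", 1)[1]
    return [(int(gid), name or None)
            for gid, name in re.findall(r"(\d+)(?:\(([^)]*)\))?", field)]

def rid_for(gid, id_range=SDCP_RANGE, base_rid=BASE_RID):
    """Invert ID = RID - BASE_RID + LOW_RANGE_ID; None if gid is out of range."""
    low, high = id_range
    if not low <= gid <= high:
        return None
    return gid - low + base_rid

def unresolved(id_output):
    """List (gid, rid, label) for groups that `id` printed without a name."""
    report = []
    for gid, name in parse_groups(id_output):
        if name is None:
            rid = rid_for(gid)
            report.append((gid, rid, WELL_KNOWN_RIDS.get(rid, "unknown")))
    return report

if __name__ == "__main__":
    for gid, rid, label in unresolved(FILESVR_ID):
        print(f"gid {gid} -> RID {rid} ({label}) has no name on this host")
```

On the sample, the two unnamed IDs come out as RIDs 513 and 512, which matches the names the xrdp host shows for the same IDs.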