[Samba] messed up group ids
Peter Carlson
peter at howudodat.com
Mon Oct 17 20:00:43 UTC 2022
Here's a bit more info. If I am not a member of a certain group, the ls
command just shows the gid; after becoming a member, it shows the group
name. After removing myself from that group, ls still shows the group name.

SDCP\peter@filesvr:~$ id
uid=2001110(SDCP\peter) gid=2000513(SDCP\domain users) groups=2000513(SDCP\domain users),10000(BUILTIN\administrators),10001(BUILTIN\users),2000512,2000572(SDCP\denied rodc password replication group),2001110(SDCP\peter),2001118(SDCP\linux admins),2001136(SDCP\remotedesktop)
SDCP\peter@filesvr:~$ ls -l /data/Secure/
total 916
-rwxrwx---+ 1 SDCP\peter 2001108 31232 May 19 2017 'AVG License Retrieval.msg'

===================== After adding myself to a couple of groups:

SDCP\peter@filesvr:~$ id
uid=2001110(SDCP\peter) gid=2000513(SDCP\domain users) groups=2000513(SDCP\domain users),10000(BUILTIN\administrators),10001(BUILTIN\users),2000512,2000572(SDCP\denied rodc password replication group),2001106(SDCP\accounting),2001107(SDCP\dbusers),2001108(SDCP\managers),2001110(SDCP\peter),2001118(SDCP\linux admins),2001136(SDCP\remotedesktop)
SDCP\peter@filesvr:~$ ls -l /data/Secure/
total 916
-rwxrwx---+ 1 SDCP\peter SDCP\managers 31232 May 19 2017 'AVG License Retrieval.msg'

But it still can't figure out Domain Admins (2000512), even though wbinfo can:
wbinfo --name-to-sid "Domain Admins"
S-1-5-21-352062930-1555017353-2732629723-512 SID_DOM_GROUP (2)
Peter
On 10/17/22 08:32, Peter Carlson via samba wrote:
> No that's historical info: DC: Windows -> Synology -> Ubuntu 22.04
> smbd 4.15.9
>
> Windows DC went away sometime in 2015ish, Synology died about 2 weeks
> ago.
>
> On 10/17/22 08:28, Rowland Penny via samba wrote:
>>
>>
>> On 17/10/2022 15:13, Peter Carlson via samba wrote:
>>> ok I made the recommended changes and ran net cache flush,
>>> afterwards Domain Users was correct, but Domain Admins not. results
>>> of "id" command are below
>>>
>>>
>>>>>
>>>>> and it can't find all the groups while the rdp server can
>>>>
>>>> No, that is wrong, if you look closely, the rdp server is missing
>>>> two groups but the fileserver is showing two groups by ID only (not
>>>> by name)
>>>
>>> Yes I missed the 2 BUILTIN groups, I don't know if that's a problem
>>> or not, after net cache flush, here are the 2 servers
>>>
>>> -------------------- RDP----------------------
>>> uid=2001110(SDCP\peter)
>>> gid=2000513(SDCP\domain users)
>>> groups=
>>> 2000513(SDCP\domain users),
>>> 2000512(SDCP\domain admins),
>>> 2000572(SDCP\denied rodc password replication group),
>>> 2001110(SDCP\peter),
>>> 2001118(SDCP\linux admins),
>>> 2001136(SDCP\remotedesktop)
>>>
>>> ------------------- File Server ---------------
>>> uid=2001110(SDCP\peter)
>>> gid=2000513(SDCP\domain users)
>>> groups=
>>> 2000513(SDCP\domain users),
>>> 10000(BUILTIN\administrators),
>>> 10001(BUILTIN\users),
>>> 2000512,
>>> 2000572(SDCP\denied rodc password replication group),
>>> 2001110(SDCP\peter),
>>> 2001118(SDCP\linux admins),
>>> 2001136(SDCP\remotedesktop)
>>
>> That's better, now you have only one group not showing up by name and
>> there doesn't seem to be a reason for it, apart from, if I understand
>> correctly, the DC is running on a Synology NAS. Now Samba on a
>> Synology machine is not basic Samba, from my understanding it is an
>> old version of Samba with improvements from Synology and as they do
>> not make these 'improvements' public, I have no idea if they could be
>> causing your problem.
>>
>> Anyone else running a DC on a Synology NAS?
>>
>> Rowland
>>
>>
>
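
The by-hand comparison of the two `id` outputs in this thread can be scripted. The following is an added example, not part of the original messages: it lists gids that `id` printed without a name and gids present on one host but not the other. The sample strings are the post-flush outputs quoted above, joined onto one line; the function names are illustrative.

```shell
#!/bin/sh
# Added example: helpers for comparing `id` output between domain members.
# Each function takes the one-line text printed by `id` as its argument.

# Print the groups= list, one "gid" or "gid(name)" entry per line.
id_groups() {
    printf '%s\n' "$1" | sed -n 's/.*groups=//p' | tr ',' '\n'
}

# Print gids that were not mapped to a name (entries that are digits only).
unresolved_gids() {
    id_groups "$1" | grep -E '^[0-9]+$' || true
}

# Print the numeric gids only, sorted, for set comparison.
gid_set() {
    id_groups "$1" | sed 's/(.*//' | sort -n
}

# Print gids present in the first id output but absent from the second.
gids_only_in_first() {
    second=$(gid_set "$2")
    for g in $(gid_set "$1"); do
        printf '%s\n' "$second" | grep -qx "$g" || printf '%s\n' "$g"
    done
}

# Sample input: the RDP and file server outputs from this thread, unwrapped.
RDP='uid=2001110(SDCP\peter) gid=2000513(SDCP\domain users) groups=2000513(SDCP\domain users),2000512(SDCP\domain admins),2000572(SDCP\denied rodc password replication group),2001110(SDCP\peter),2001118(SDCP\linux admins),2001136(SDCP\remotedesktop)'
FILESVR='uid=2001110(SDCP\peter) gid=2000513(SDCP\domain users) groups=2000513(SDCP\domain users),10000(BUILTIN\administrators),10001(BUILTIN\users),2000512,2000572(SDCP\denied rodc password replication group),2001110(SDCP\peter),2001118(SDCP\linux admins),2001136(SDCP\remotedesktop)'

echo "Unresolved on file server:"
unresolved_gids "$FILESVR"
echo "On file server but not on RDP server:"
gids_only_in_first "$FILESVR" "$RDP"
```

On a live member server the same check is `unresolved_gids "$(id)"`.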