[Samba] messed up group ids

Peter Carlson peter at howudodat.com
Mon Oct 17 20:00:43 UTC 2022


Here's a bit more info.  If I am not a member of a certain group, the ls 
command just shows the gid; after becoming a member, it shows the group 
name.  After removing myself from that group, ls still shows the group name.

SDCP\peter@filesvr:~$ id
uid=2001110(SDCP\peter) gid=2000513(SDCP\domain users) groups=2000513(SDCP\domain users),10000(BUILTIN\administrators),10001(BUILTIN\users),2000512,2000572(SDCP\denied rodc password replication group),2001110(SDCP\peter),2001118(SDCP\linux admins),2001136(SDCP\remotedesktop)
SDCP\peter@filesvr:~$ ls -l /data/Secure/
total 916
-rwxrwx---+  1 SDCP\peter 2001108  31232 May 19  2017 'AVG License Retrieval.msg'

=====================  After adding myself to a couple of groups:

SDCP\peter@filesvr:~$ id
uid=2001110(SDCP\peter) gid=2000513(SDCP\domain users) groups=2000513(SDCP\domain users),10000(BUILTIN\administrators),10001(BUILTIN\users),2000512,2000572(SDCP\denied rodc password replication group),2001106(SDCP\accounting),2001107(SDCP\dbusers),2001108(SDCP\managers),2001110(SDCP\peter),2001118(SDCP\linux admins),2001136(SDCP\remotedesktop)
SDCP\peter@filesvr:~$ ls -l /data/Secure/
total 916
-rwxrwx---+  1 SDCP\peter SDCP\managers  31232 May 19  2017 'AVG License Retrieval.msg'

But it still can't figure out Domain Admins (2000512), even though wbinfo can:

wbinfo --name-to-sid "Domain Admins"
S-1-5-21-352062930-1555017353-2732629723-512 SID_DOM_GROUP (2)

Peter

On 10/17/22 08:32, Peter Carlson via samba wrote:
> No that's historical info:  DC: Windows -> Synology -> Ubuntu 22.04 
> smbd 4.15.9
>
> Windows DC went away sometime in 2015ish, Synology died about 2 weeks 
> ago.
>
> On 10/17/22 08:28, Rowland Penny via samba wrote:
>>
>>
>> On 17/10/2022 15:13, Peter Carlson via samba wrote:
>>> ok I made the recommended changes and ran net cache flush, 
>>> afterwards Domain Users was correct, but Domain Admins not. results 
>>> of "id" command are below
>>>
>>>
>>>>>
>>>>> and it can't find all the groups while the rdp server can
>>>>
>>>> No, that is wrong, if you look closely, the rdp server is missing 
>>>> two groups but the fileserver is showing two groups by ID only (not 
>>>> by name)
>>>
>>> Yes, I missed the 2 BUILTIN groups. I don't know if that's a problem 
>>> or not. After net cache flush, here are the 2 servers:
>>>
>>> --------------------  RDP----------------------
>>> uid=2001110(SDCP\peter)
>>> gid=2000513(SDCP\domain users)
>>> groups=
>>>      2000513(SDCP\domain users),
>>>      2000512(SDCP\domain admins),
>>>      2000572(SDCP\denied rodc password replication group),
>>>      2001110(SDCP\peter),
>>>      2001118(SDCP\linux admins),
>>>      2001136(SDCP\remotedesktop)
>>>
>>> ------------------- File Server ---------------
>>> uid=2001110(SDCP\peter)
>>> gid=2000513(SDCP\domain users)
>>> groups=
>>>      2000513(SDCP\domain users),
>>>      10000(BUILTIN\administrators),
>>>      10001(BUILTIN\users),
>>>      2000512,
>>>      2000572(SDCP\denied rodc password replication group),
>>>      2001110(SDCP\peter),
>>>      2001118(SDCP\linux admins),
>>>      2001136(SDCP\remotedesktop)
>>
>> That's better, now you have only one group not showing up by name and 
>> there doesn't seem to be a reason for it, apart from, if I understand 
>> correctly, the DC is running on a Synology NAS. Now Samba on a 
>> Synology machine is not basic Samba, from my understanding it is an 
>> old version of Samba with improvements from Synology and as they do 
>> not make these 'improvements' public, I have no idea if they could be 
>> causing your problem.
>>
>> Anyone else running a DC on a Synology NAS?
>>
>> Rowland
>>
>>
>
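
The side-by-side check of the two `id` listings discussed in this thread can be scripted. The following is an added example, not part of the original messages: it parses `id` output from two hosts and reports GIDs printed without a name and groups present on only one host. The sample strings are the values from the thread, re-wrapped, and the function names are illustrative.

```python
import re

# `id` output for the two hosts, values copied from the thread and re-wrapped.
RDP = r"""uid=2001110(SDCP\peter) gid=2000513(SDCP\domain users) groups=
2000513(SDCP\domain users),2000512(SDCP\domain admins),2000572(SDCP\denied
rodc password replication group),2001110(SDCP\peter),2001118(SDCP\linux
admins),2001136(SDCP\remotedesktop)"""
FILESVR = r"""uid=2001110(SDCP\peter) gid=2000513(SDCP\domain users) groups=
2000513(SDCP\domain users),10000(BUILTIN\administrators),10001(BUILTIN\users),
2000512,2000572(SDCP\denied rodc password replication group),
2001110(SDCP\peter),2001118(SDCP\linux admins),2001136(SDCP\remotedesktop)"""

# One groups= entry: a numeric GID, optionally followed by "(name)".
# Names may contain spaces and backslashes, but are assumed not to contain ")".
ENTRY = re.compile(r"(\d+)(?:\(([^)]*)\))?")


def parse_id_groups(id_output):
    """Return {gid: name or None} from the groups= field of `id` output."""
    # Undo mail/terminal wrapping: a line break inside a name was a space.
    flat = " ".join(id_output.split())
    match = re.search(r"groups=\s*(.*)$", flat)
    if not match:
        raise ValueError("no groups= field found")
    return {int(gid): (name or None) for gid, name in ENTRY.findall(match.group(1))}


def unresolved(groups):
    """GIDs that `id` printed without a name."""
    return sorted(gid for gid, name in groups.items() if name is None)


def compare(a, b):
    """Return (GIDs only in a, GIDs only in b, shared GIDs whose names differ)."""
    only_a = sorted(set(a) - set(b))
    only_b = sorted(set(b) - set(a))
    differ = sorted(g for g in set(a) & set(b) if a[g] != b[g])
    return only_a, only_b, differ


if __name__ == "__main__":
    rdp, fs = parse_id_groups(RDP), parse_id_groups(FILESVR)
    print("file server GIDs without a name:", unresolved(fs))
    print("only on RDP / only on file server / name differs:", compare(rdp, fs))
```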


