Hello! My User is only in AD, the passwd see some User (system) with high GID in the same range of Samba Example: statd: x: 108: 65534 :: / var / lib / nfs: / bin / false My fear is that change again and lose everything again permissions, which had to redo everything ... Thank you Em 12-07-2016 16:21, Rowland penny escreveu:> On 12/07/16 20:03, Carlos A. P. Cunha wrote: >> Hello! >> >> My file server is running ubuntu samba 4.3.0 and today started the >> problem that my IDs have changed and this caused countless problems. >> In the logs I have the following: >> >> Jul 12 15:57:07 samba fileserver winbindd [1141] [07.12.2016 15: 57: >> 07.605992, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent) >> Jul 12 15:57:07 samba fileserver winbindd [1141]: Failed to find >> domain 'Unix Group'. Check connection to trusted domains! >> Jul 12 15:57:07 samba fileserver winbindd [1141] [07.12.2016 15: 57: >> 07.606582, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent) >> Jul 12 15:57:07 samba fileserver winbindd [1141]: Failed to find >> domain 'Unix Group'. Check connection to trusted domains! >> Jul 12 15:57:07 samba fileserver winbindd [1141] [07.12.2016 15: 57: >> 07.739510, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent) >> Jul 12 15:57:07 samba fileserver winbindd [1141]: Failed to find >> domain 'Unix Group'. Check connection to trusted domains! >> Jul 12 15:57:07 samba fileserver winbindd [1141] [07.12.2016 15: 57: >> 07.743113, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent) >> Jul 12 15:57:07 samba fileserver winbindd [1141]: Failed to find >> domain 'Unix Group'. Check connection to trusted domains! >> >> >> my smb.conf >> >> [global] >> >> netbios name = FILESERVER >> workgroup = SERVER >> security = ADS >> >> realm = MYDOMAIN >> dedicated keytab file = /etc/krb5.keytab >> kerberos method = secrets and keytab >> >> >> idmap config *: backend = tdb >> # I changed values for test >> idmap config *: range = 100000-9999999 >> idmap config SERVERAD: backend = rid >> # I changed values for test >> idmap config SERVERAD: range = 1000000000 to 9999999999 >> idmap_ldb: use RFC2307 = Yes >> >> winbind nss info = RFC2307 >> winbind trusted domains only = no >> winbind use default domain = yes >> winbind enum users = yes >> winbind enum groups = yes >> winbind refresh tickets = Yes >> winbind cache time = 10 >> >> # Needed for Fileserver >> vfs objects = acl_xattr >> map acl inherit = Yes >> store the attributes = Yes >> >> # Disable Cups >> load printers = no >> printing = bsd >> printcap name = / dev / null >> spoolss disable = yes >> >> >> I think the problem is that the ID are conflicting with the system: >> >> id user01 >> uid = 11458 (user01) gid = 10513 (domain users) groups = 10513 >> (domain users), 11458 (user01), 18249 (almox_grupo), 5001 (BUILTIN \ >> users) >> >> >> Thanks!! > > Hi, your 'id' command is showing this: uid = 11458(user01) and groups > = 11458(user01) > How is this occurring ? > Do you have a user or group called 'user01' in AD that is also in > /etc/passwd ? > If this is the case, you need to decide which one to keep and delete > the other, users/groups cannot exist in AD and /etc/passwd. > > Rowland >
On 12/07/16 20:34, Carlos A. P. Cunha wrote:> > Hello! > My User is only in AD, the passwd see some User (system) with high GID > in the same range of Samba > > Example: > statd: x: 108: 65534 :: / var / lib / nfs: / bin / false > > My fear is that change again and lose everything again permissions, > which had to redo everything ... > > Thank you > >you posted: id user01 uid = 11458 (user01) gid = 10513 (domain users) groups = 10513 (domain users), 11458 (user01), 18249 (almox_grupo), 5001 (BUILTIN \ users) if I check my id: rowland at devstation:~$ id rowland uid=10000(rowland) gid=10000(domain_users) groups=10000(domain_users),102(netdev),2001(BUILTIN\users) Notice the big difference, I do not have a private group like 'user01', where is your users private group coming from ? You also seem to be bothered by the user/group '65534', this is the Unix user/group nobody/nogroup and is only worth bothering about if and when you get to the AD user/group 65534. Or am I totally missing the point and all your AD users have changed ID number ? Rowland
Hello! I see what you mean, but it seems that all my User is this: Example: id suporteti uid = 11575 (suporteti) gid = 10513 (domain users) groups = 10513 (domain users), 11575 (suporteti), 5001 (BUILTIN \ users) id consinco uid = 12982 (consinco) gid = 10513 (domain users) groups = 10513 (domain users), 12982 (consinco), 5001 (BUILTIN \ users) In my DC the output of id: id suporteti uid = 3000515 (SERVER\ suporteti) gid = 100 (users) groups = 100 (users), 3000515 (SERVER \ suporteti), 3,000,001 (BUILTIN \ users) id consinco uid = 3000516 (SERVER \ consinco) gid = 100 (users) groups = 100 (users), 3000516 (SERVER \ consinco), 3,000,001 (BUILTIN \ users) Yes, all my User IDs have changed ... :-( Google Tradutor para empresas:Google Toolkit de tradução para apps <http://www.google.com.br/url?rs=rsmf&q=http://translate.google.com/toolkit%3Fhl%3Dpt-BR>Tradutor de sites <http://www.google.com.br/url?rs=rsmf&q=http://translate.google.com/manager/website/%3Fhl%3Dpt-BR>Global Market Finder <http://www.google.com.br/url?rs=rsmf&q=http://translate.google.com/globalmarketfinder/%3Flocale%3Dpt-BR> Em 12-07-2016 16:48, Rowland penny escreveu:> you posted: > > id user01 > uid = 11458 (user01) gid = 10513 (domain users) groups = 10513 (domain > users), 11458 (user01), 18249 (almox_grupo), 5001 (BUILTIN \ users) > > if I check my id: > > rowland at devstation:~$ id rowland > uid=10000(rowland) gid=10000(domain_users) > groups=10000(domain_users),102(netdev),2001(BUILTIN\users) > > Notice the big difference, I do not have a private group like > 'user01', where is your users private group coming from ? > > You also seem to be bothered by the user/group '65534', this is the > Unix user/group nobody/nogroup and is only worth bothering about if > and when you get to the AD user/group 65534. > > Or am I totally missing the point and all your AD users have changed > ID number ?