Sorry for the serial posting, but ... anxious ... I think there must be a bug in Samba 4.4.8, this all worked with 4.2.14. To summarize (details in attached messages), since upgrading from Samba 4.2.14 to 4.4.8, getent returns the wrong UID:GID. This is causing permission errors in programs like dovecot who try to read/write to Maildir files having the correct UID:GID. With 4.4.8 I now have sam.ldb in /etc/samba/private (same with 4.2.14) and also in /var/lib/samba/private. Details in preceding message. Not sure which is the one being used. With 4.2.14 on AD/DC (CORRECT): $ getent passwd mark HPRS\mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/false With 4.4.8 on AD/DC: $ getent passwd mark HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash With 4.4.5 on domain member labrat (CORRECT): $ getent passwd mark mark:*:10001:10000::/home/HPRS/mark:/bin/bash Meanwhile, pending feedback from this list, I've added user 'mark' to /etc/passwd: mark:x:10001:10000::/home/HPRS/mark:/bin/bash and now getent on the 4.4.8 AD/DC is back to normal: $ getent passwd mark mark:x:10001:10000::/home/HPRS/mark:/bin/bash Permissions are now working with email MTA, etc. While I'm at it, I did find the newly bad UID 3000026 in /etc/samba/private/idmap.ldb. The entry therein: # record 44 dn: CN=S-1-5-21-1052267278-1962196458-4119365663-1111 cn: S-1-5-21-1052267278-1962196458-4119365663-1111 objectClass: sidMap objectSid: S-1-5-21-1052267278-1962196458-4119365663-1111 type: ID_TYPE_BOTH xidNumber: 3000026 distinguishedName: CN=S-1-5-21-1052267278-1962196458-4119365663-1111 Not sure that is meaningful. Any help on this would be GREATLY appreciated. --Mark -----Original Message----- Date: Tue, 24 Jan 2017 23:25:35 -0500 To: samba at lists.samba.org Subject: Re: [Samba] getent problems with new Samba version From: Mark Foley via samba <samba at lists.samba.org> More information (possibly too much). Since "things" are defined in sam.ldb, I compared before and after the Samba 4.2.14 to 4.4.8 update. Here are the sam.ldb related files from the old 4.2.14 version: -rw------- root/root 4247552 2014-10-20 23:54 etc/samba/private/sam.ldb -rw------- root/root 4689920 2017-01-14 11:09 etc/samba/private/sam.ldb.bak drwx------ root/root 0 2017-01-14 11:09 etc/samba/private/sam.ldb.d/ -rw------- root/root 4247552 2017-01-14 13:24 etc/samba/private/sam.ldb.d/DC=HPRS,DC=LOCAL.ldb -rw------- root/root 14610432 2017-01-14 11:09 etc/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb.bak -rw------- root/root 20475904 2014-10-20 23:54 etc/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb -rw------- root/root 2371584 2017-01-14 11:09 etc/samba/private/sam.ldb.d/DC=HPRS,DC=LOCAL.ldb.bak -rw-r----- root/root 8192 2017-01-14 11:09 etc/samba/private/sam.ldb.d/metadata.tdb.bak -rw-r----- root/root 421888 2017-01-14 11:50 etc/samba/private/sam.ldb.d/metadata.tdb -rw------- root/root 14307328 2015-08-13 21:03 etc/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb -rw------- root/root 8802304 2017-01-14 11:09 etc/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb.bak and the new 4.4.8 version: -rw------- 1 root root 4247552 Oct 20 2014 /etc/samba/private/sam.ldb -rw------- 1 root root 4689920 Jan 24 00:10 /etc/samba/private/sam.ldb.bak -rw------- 1 root root 4247552 Oct 20 2014 /var/lib/samba/private/sam.ldb -rw------- 1 root root 4689920 Jan 24 00:11 /var/lib/samba/private/sam.ldb.bak> ls -l /etc/samba/private/sam.ldb.dtotal 63716 -rw------- 1 root root 14307328 Aug 13 2015 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 8802304 Jan 24 00:11 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak -rw------- 1 root root 20475904 Oct 20 2014 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 14610432 Jan 24 00:11 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak -rw------- 1 root root 4247552 Jan 14 13:24 DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 2371584 Jan 24 00:10 DC\=HPRS,DC\=LOCAL.ldb.bak -rw-r----- 1 root root 421888 Jan 14 11:50 metadata.tdb -rw-r----- 1 root root 8192 Jan 16 00:11 metadata.tdb.bak> ls -l /var/lib/samba/private/sam.ldb.dtotal 63996 -rw------- 1 root root 14307328 Aug 13 2015 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 8802304 Jan 24 00:11 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak -rw------- 1 root root 20475904 Oct 20 2014 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 14610432 Jan 24 00:11 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak -rw------- 1 root root 4247552 Jan 24 22:57 DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 2658304 Jan 24 00:11 DC\=HPRS,DC\=LOCAL.ldb.bak -rw-r----- 1 root root 421888 Jan 24 20:53 metadata.tdb -rw-r----- 1 root root 8192 Jan 24 00:11 metadata.tdb.bak One thing noticable to me right off is that, while both versions have ldb files in /etc/samba/private, with 4.4.8 there is an additional set in /var/lib/samba/private. Why? Did 4.4.8 change the location of these files? But, it's not like 4.4.8 is using /var/lib/samba/private instead of /etc/samba/private. You will notice that the sam.ldb* are updated in both places with 4.4.8. I stop Samba just after midnight to do a backup, which is probably why all the .bak timestamps at 00:1[01]. But why are the actual sam.ldb files still dated for October 20, 2014 (when I first installed Samba4)? I know I've made changes since then, such as msSFU30MaxGidNumber and msSFU30MaxGidNumber, and the uidNumber and gidNumber for some users. Also, when I do `ldedit -H /etc/samba/private/sam.ldb` (and /var/lib/samba/private/sam.ldb), user 'mark' is correctly set to: uidNumber: 10001 gidNumber: 10000 in both cases. So where is UID:GID 3000026:100 coming from when I do getent? Confused, --Mark -----Original Message----- Date: Tue, 24 Jan 2017 21:35:09 -0500 To: samba at lists.samba.org Subject: [Samba] getent problems with new Samba version From: Mark Foley via samba <samba at lists.samba.org> I have been running Samba4 as AD/DC for a mixed Windows/Linux office domain for a little over 2 1/2 years now. I've needed a few tweaks from Roland, but basically it has run flawless during that time. 10 days ago, I upgrade to Slackware 14.2 from 14.1. Samba was likewise upgraded from version 4.2.14 to 4.4.8. I'm having a serious problem ... before the upgrade getent gave me: $ getent passwd mark HPRS\mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/false which is correct. After the upgrade I get: $ getent passwd mark HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash In RSAT > Active Directory Users and Computers > [user] properties > UNIX Attributes, this user's UID is shown as 10001 and Primary group is "Domain Users" which is 10000. So, correct in RSAT. smb.conf is unchanged. These UID/GID settings are similar to the defaults from when I installed samba4 back in 2015! Why did these change? Why are they not reflecting what is shown in RSAT? This is a production office server and this issue is causing me a lot of headaches with existing files owned by the user as UID/GID 10001:10000, but now systems are trying to rw these files as 3000026:100. I'm getting permission denied errors, esp. in IMAP folders. How can I fix this? Help! Urgent! THX --Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Would "testparm -v" show you the path of all the files used ? Are there any idmap settings? It looks like the newer version is using winbind to allocate uid's (based on the high ID numbers.) Maybe because it does not see uid's already allocated. The domain member may be showing correct id's because of caching. -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Mark Foley via samba Sent: Wednesday, January 25, 2017 10:00 AM To: samba at lists.samba.org Subject: Re: [Samba] getent problems with new Samba version Sorry for the serial posting, but ... anxious ... I think there must be a bug in Samba 4.4.8, this all worked with 4.2.14. To summarize (details in attached messages), since upgrading from Samba 4.2.14 to 4.4.8, getent returns the wrong UID:GID. This is causing permission errors in programs like dovecot who try to read/write to Maildir files having the correct UID:GID. With 4.4.8 I now have sam.ldb in /etc/samba/private (same with 4.2.14) and also in /var/lib/samba/private. Details in preceding message. Not sure which is the one being used. With 4.2.14 on AD/DC (CORRECT): $ getent passwd mark HPRS\mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/false With 4.4.8 on AD/DC: $ getent passwd mark HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash With 4.4.5 on domain member labrat (CORRECT): $ getent passwd mark mark:*:10001:10000::/home/HPRS/mark:/bin/bash Meanwhile, pending feedback from this list, I've added user 'mark' to /etc/passwd: mark:x:10001:10000::/home/HPRS/mark:/bin/bash and now getent on the 4.4.8 AD/DC is back to normal: $ getent passwd mark mark:x:10001:10000::/home/HPRS/mark:/bin/bash Permissions are now working with email MTA, etc. While I'm at it, I did find the newly bad UID 3000026 in /etc/samba/private/idmap.ldb. The entry therein: # record 44 dn: CN=S-1-5-21-1052267278-1962196458-4119365663-1111 cn: S-1-5-21-1052267278-1962196458-4119365663-1111 objectClass: sidMap objectSid: S-1-5-21-1052267278-1962196458-4119365663-1111 type: ID_TYPE_BOTH xidNumber: 3000026 distinguishedName: CN=S-1-5-21-1052267278-1962196458-4119365663-1111 Not sure that is meaningful. Any help on this would be GREATLY appreciated. --Mark -----Original Message----- Date: Tue, 24 Jan 2017 23:25:35 -0500 To: samba at lists.samba.org Subject: Re: [Samba] getent problems with new Samba version From: Mark Foley via samba <samba at lists.samba.org> More information (possibly too much). Since "things" are defined in sam.ldb, I compared before and after the Samba 4.2.14 to 4.4.8 update. Here are the sam.ldb related files from the old 4.2.14 version: -rw------- root/root 4247552 2014-10-20 23:54 etc/samba/private/sam.ldb -rw------- root/root 4689920 2017-01-14 11:09 etc/samba/private/sam.ldb.bak drwx------ root/root 0 2017-01-14 11:09 etc/samba/private/sam.ldb.d/ -rw------- root/root 4247552 2017-01-14 13:24 etc/samba/private/sam.ldb.d/DC=HPRS,DC=LOCAL.ldb -rw------- root/root 14610432 2017-01-14 11:09 etc/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb.bak -rw------- root/root 20475904 2014-10-20 23:54 etc/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb -rw------- root/root 2371584 2017-01-14 11:09 etc/samba/private/sam.ldb.d/DC=HPRS,DC=LOCAL.ldb.bak -rw-r----- root/root 8192 2017-01-14 11:09 etc/samba/private/sam.ldb.d/metadata.tdb.bak -rw-r----- root/root 421888 2017-01-14 11:50 etc/samba/private/sam.ldb.d/metadata.tdb -rw------- root/root 14307328 2015-08-13 21:03 etc/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb -rw------- root/root 8802304 2017-01-14 11:09 etc/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb.bak and the new 4.4.8 version: -rw------- 1 root root 4247552 Oct 20 2014 /etc/samba/private/sam.ldb -rw------- 1 root root 4689920 Jan 24 00:10 /etc/samba/private/sam.ldb.bak -rw------- 1 root root 4247552 Oct 20 2014 /var/lib/samba/private/sam.ldb -rw------- 1 root root 4689920 Jan 24 00:11 /var/lib/samba/private/sam.ldb.bak> ls -l /etc/samba/private/sam.ldb.dtotal 63716 -rw------- 1 root root 14307328 Aug 13 2015 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 8802304 Jan 24 00:11 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak -rw------- 1 root root 20475904 Oct 20 2014 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 14610432 Jan 24 00:11 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak -rw------- 1 root root 4247552 Jan 14 13:24 DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 2371584 Jan 24 00:10 DC\=HPRS,DC\=LOCAL.ldb.bak -rw-r----- 1 root root 421888 Jan 14 11:50 metadata.tdb -rw-r----- 1 root root 8192 Jan 16 00:11 metadata.tdb.bak> ls -l /var/lib/samba/private/sam.ldb.dtotal 63996 -rw------- 1 root root 14307328 Aug 13 2015 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 8802304 Jan 24 00:11 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak -rw------- 1 root root 20475904 Oct 20 2014 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 14610432 Jan 24 00:11 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak -rw------- 1 root root 4247552 Jan 24 22:57 DC\=HPRS,DC\=LOCAL.ldb -rw------- 1 root root 2658304 Jan 24 00:11 DC\=HPRS,DC\=LOCAL.ldb.bak -rw-r----- 1 root root 421888 Jan 24 20:53 metadata.tdb -rw-r----- 1 root root 8192 Jan 24 00:11 metadata.tdb.bak One thing noticable to me right off is that, while both versions have ldb files in /etc/samba/private, with 4.4.8 there is an additional set in /var/lib/samba/private. Why? Did 4.4.8 change the location of these files? But, it's not like 4.4.8 is using /var/lib/samba/private instead of /etc/samba/private. You will notice that the sam.ldb* are updated in both places with 4.4.8. I stop Samba just after midnight to do a backup, which is probably why all the .bak timestamps at 00:1[01]. But why are the actual sam.ldb files still dated for October 20, 2014 (when I first installed Samba4)? I know I've made changes since then, such as msSFU30MaxGidNumber and msSFU30MaxGidNumber, and the uidNumber and gidNumber for some users. Also, when I do `ldedit -H /etc/samba/private/sam.ldb` (and /var/lib/samba/private/sam.ldb), user 'mark' is correctly set to: uidNumber: 10001 gidNumber: 10000 in both cases. So where is UID:GID 3000026:100 coming from when I do getent? Confused, --Mark -----Original Message----- Date: Tue, 24 Jan 2017 21:35:09 -0500 To: samba at lists.samba.org Subject: [Samba] getent problems with new Samba version From: Mark Foley via samba <samba at lists.samba.org> I have been running Samba4 as AD/DC for a mixed Windows/Linux office domain for a little over 2 1/2 years now. I've needed a few tweaks from Roland, but basically it has run flawless during that time. 10 days ago, I upgrade to Slackware 14.2 from 14.1. Samba was likewise upgraded from version 4.2.14 to 4.4.8. I'm having a serious problem ... before the upgrade getent gave me: $ getent passwd mark HPRS\mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/false which is correct. After the upgrade I get: $ getent passwd mark HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash In RSAT > Active Directory Users and Computers > [user] properties > UNIX Attributes, this user's UID is shown as 10001 and Primary group is "Domain Users" which is 10000. So, correct in RSAT. smb.conf is unchanged. These UID/GID settings are similar to the defaults from when I installed samba4 back in 2015! Why did these change? Why are they not reflecting what is shown in RSAT? This is a production office server and this issue is causing me a lot of headaches with existing files owned by the user as UID/GID 10001:10000, but now systems are trying to rw these files as 3000026:100. I'm getting permission denied errors, esp. in IMAP folders. How can I fix this? Help! Urgent! THX --Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
on Wed, 25 Jan 2017 20:15:49 -0500 Gaiseric Vandal wrote:> Would "testparm -v" show you the path of all the files used ? Are there any idmap settings?Gaiseric, thanks for your response. the `testparm -v` gave me: private dir = /var/lib/samba/private So, I guess that means the sam.ldb in that directory is the one being used, not the one in /etc/samba/private. That helps. Thanks for that tip. The newer Samba 4.4.8 must have somehow been smart enough to find the 4.2.12 sam.ldb in /etc/samba/private and copy it over to the new location because there was no /var/lib/samba/private with my 4.2.12, and the contents of both sam.ldb's is the same including changes I made.> It looks like the newer version is using winbind to allocate uid's (based on the high ID > numbers.) Maybe because it does not see uid's already allocated./var/lib/samba/private/sam.ldb, /etc/samba/private/sam.ldb and RSAT/ADUC all show the "correct" UID:GIDs for users, for example 10001:10000. So, if Samba 4.4.8 "is using winbind to allocate uid's", how can I make it stop that and use the ids actually configured in sam.ldb? That's the question, basically: why is windbind (or whatever) arbitrarily generating UID:GIDs instead of using the configured ids? You are likely right on this too. As Rowland Penny wrote on 10/11/2015 17:15, "wbinfo goes straight to winbind, which goes to where you have told it to. getent goes via nssswitch, ...". and wbinfo still returns: $ wbinfo -i mark HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash Rowland said, "winbind ... goes to where you have told it to". Where would that be? Apparently not sam.ldb. One possible clue here might be that the 30000xx:100 range were the defaults that Samba4 initially used by default when I provisioned my domain in 2014. I changed these to facilitate single-sign-on on other Linux domain members per Rowland Penny's suggestion: On Sun, 11 Oct 2015 18:01:05 +0100 Rowland Penny <rowlandpenny241155 at gmail.com> wrote:> I would not use 300099, if you have already got users with uidNumbers, I > would change them and start the numbers from '10000' (yes, you can have > a user and a group with the same number), but this is what I would do. > You can, if you so wish, use '3000099' , but there is no reason to do > so, if the user or a group has a uid/gidNumber, the DC will use these > numbers instead of the '3000000' numbers. > : > I am glad you are changing the uidNumber numbers, if you hadn't, you > would have needed this in smb.conf on a domain member: > idmap config DOMAIN: 100-4000000 > Something you definitely didn't really want to have.He wrote elsewhere how to make that change using ldbedit, which I did, and it all worked perfectly then. Now, the current version seems to have reverted to default UID:GID and is ignoring sam.ldb settings. So, any ideas on why and how I can fix it?> The domain member may be showing correct id's because of caching.You may be right on this. To test, I changed the /etc/passwd UID for user mark, then did the `getent` on the domain member and it still shows the correct UID:GID 10001:10000.> -----Original Message----- > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Mark Foley via samba > Sent: Wednesday, January 25, 2017 10:00 AM > To: samba at lists.samba.org > Subject: Re: [Samba] getent problems with new Samba version > > Sorry for the serial posting, but ... anxious ... > > I think there must be a bug in Samba 4.4.8, this all worked with 4.2.14. > > To summarize (details in attached messages), since upgrading from Samba 4.2.14 to 4.4.8, getent returns the wrong UID:GID. This is causing permission errors in programs like dovecot who try to read/write to Maildir files having the correct UID:GID. > > With 4.4.8 I now have sam.ldb in /etc/samba/private (same with 4.2.14) and also in /var/lib/samba/private. Details in preceding message. Not sure which is the one being used. > > With 4.2.14 on AD/DC (CORRECT): > $ getent passwd mark > HPRS\mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/false > > With 4.4.8 on AD/DC: > $ getent passwd mark > HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash > > With 4.4.5 on domain member labrat (CORRECT): > $ getent passwd mark > mark:*:10001:10000::/home/HPRS/mark:/bin/bash > > Meanwhile, pending feedback from this list, I've added user 'mark' to /etc/passwd: > > mark:x:10001:10000::/home/HPRS/mark:/bin/bash > > and now getent on the 4.4.8 AD/DC is back to normal: > > $ getent passwd mark > mark:x:10001:10000::/home/HPRS/mark:/bin/bash > > Permissions are now working with email MTA, etc. > > While I'm at it, I did find the newly bad UID 3000026 in /etc/samba/private/idmap.ldb. > The entry therein: > > # record 44 > dn: CN=S-1-5-21-1052267278-1962196458-4119365663-1111 > cn: S-1-5-21-1052267278-1962196458-4119365663-1111 > objectClass: sidMap > objectSid: S-1-5-21-1052267278-1962196458-4119365663-1111 > type: ID_TYPE_BOTH > xidNumber: 3000026 > distinguishedName: CN=S-1-5-21-1052267278-1962196458-4119365663-1111 > > Not sure that is meaningful. > > Any help on this would be GREATLY appreciated. > > --Mark > > -----Original Message----- > Date: Tue, 24 Jan 2017 23:25:35 -0500 > To: samba at lists.samba.org > Subject: Re: [Samba] getent problems with new Samba version > From: Mark Foley via samba <samba at lists.samba.org> > > More information (possibly too much). > > Since "things" are defined in sam.ldb, I compared before and after the Samba 4.2.14 to 4.4.8 update. Here are the sam.ldb related files from the old 4.2.14 version: > > -rw------- root/root 4247552 2014-10-20 23:54 etc/samba/private/sam.ldb > -rw------- root/root 4689920 2017-01-14 11:09 etc/samba/private/sam.ldb.bak > > drwx------ root/root 0 2017-01-14 11:09 etc/samba/private/sam.ldb.d/ > -rw------- root/root 4247552 2017-01-14 13:24 etc/samba/private/sam.ldb.d/DC=HPRS,DC=LOCAL.ldb > -rw------- root/root 14610432 2017-01-14 11:09 etc/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb.bak > -rw------- root/root 20475904 2014-10-20 23:54 etc/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb > -rw------- root/root 2371584 2017-01-14 11:09 etc/samba/private/sam.ldb.d/DC=HPRS,DC=LOCAL.ldb.bak > -rw-r----- root/root 8192 2017-01-14 11:09 etc/samba/private/sam.ldb.d/metadata.tdb.bak > -rw-r----- root/root 421888 2017-01-14 11:50 etc/samba/private/sam.ldb.d/metadata.tdb > -rw------- root/root 14307328 2015-08-13 21:03 etc/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb > -rw------- root/root 8802304 2017-01-14 11:09 etc/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb.bak > > and the new 4.4.8 version: > > -rw------- 1 root root 4247552 Oct 20 2014 /etc/samba/private/sam.ldb > -rw------- 1 root root 4689920 Jan 24 00:10 /etc/samba/private/sam.ldb.bak > -rw------- 1 root root 4247552 Oct 20 2014 /var/lib/samba/private/sam.ldb > -rw------- 1 root root 4689920 Jan 24 00:11 /var/lib/samba/private/sam.ldb.bak > > > ls -l /etc/samba/private/sam.ldb.d > total 63716 > -rw------- 1 root root 14307328 Aug 13 2015 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb > -rw------- 1 root root 8802304 Jan 24 00:11 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak > -rw------- 1 root root 20475904 Oct 20 2014 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb > -rw------- 1 root root 14610432 Jan 24 00:11 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak > -rw------- 1 root root 4247552 Jan 14 13:24 DC\=HPRS,DC\=LOCAL.ldb > -rw------- 1 root root 2371584 Jan 24 00:10 DC\=HPRS,DC\=LOCAL.ldb.bak > -rw-r----- 1 root root 421888 Jan 14 11:50 metadata.tdb > -rw-r----- 1 root root 8192 Jan 16 00:11 metadata.tdb.bak > > > ls -l /var/lib/samba/private/sam.ldb.d > total 63996 > -rw------- 1 root root 14307328 Aug 13 2015 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb > -rw------- 1 root root 8802304 Jan 24 00:11 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak > -rw------- 1 root root 20475904 Oct 20 2014 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb > -rw------- 1 root root 14610432 Jan 24 00:11 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak > -rw------- 1 root root 4247552 Jan 24 22:57 DC\=HPRS,DC\=LOCAL.ldb > -rw------- 1 root root 2658304 Jan 24 00:11 DC\=HPRS,DC\=LOCAL.ldb.bak > -rw-r----- 1 root root 421888 Jan 24 20:53 metadata.tdb > -rw-r----- 1 root root 8192 Jan 24 00:11 metadata.tdb.bak > > One thing noticable to me right off is that, while both versions have ldb files in /etc/samba/private, with 4.4.8 there is an additional set in /var/lib/samba/private. Why? Did > 4.4.8 change the location of these files? > > But, it's not like 4.4.8 is using /var/lib/samba/private instead of /etc/samba/private. You will notice that the sam.ldb* are updated in both places with 4.4.8. > > I stop Samba just after midnight to do a backup, which is probably why all the .bak timestamps at 00:1[01]. But why are the actual sam.ldb files still dated for October 20, 2014 (when I first installed Samba4)? I know I've made changes since then, such as msSFU30MaxGidNumber and msSFU30MaxGidNumber, and the uidNumber and gidNumber for some users. > > Also, when I do `ldedit -H /etc/samba/private/sam.ldb` (and /var/lib/samba/private/sam.ldb), user 'mark' is correctly set to: > > uidNumber: 10001 > gidNumber: 10000 > > in both cases. So where is UID:GID 3000026:100 coming from when I do getent? > > Confused, --Mark > > -----Original Message----- > Date: Tue, 24 Jan 2017 21:35:09 -0500 > To: samba at lists.samba.org > Subject: [Samba] getent problems with new Samba version > From: Mark Foley via samba <samba at lists.samba.org> > > I have been running Samba4 as AD/DC for a mixed Windows/Linux office domain for a little over 2 > 1/2 years now. I've needed a few tweaks from Roland, but basically it has run flawless during that time. > > 10 days ago, I upgrade to Slackware 14.2 from 14.1. Samba was likewise upgraded from version > 4.2.14 to 4.4.8. I'm having a serious problem ... > > before the upgrade getent gave me: > > $ getent passwd mark > HPRS\mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/false > > which is correct. After the upgrade I get: > > $ getent passwd mark > HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash > > In RSAT > Active Directory Users and Computers > [user] properties > UNIX Attributes, this user's UID is shown as 10001 and Primary group is "Domain Users" which is 10000. So, correct in RSAT. > > smb.conf is unchanged. > > These UID/GID settings are similar to the defaults from when I installed samba4 back in 2015! > Why did these change? Why are they not reflecting what is shown in RSAT? > > This is a production office server and this issue is causing me a lot of headaches with existing files owned by the user as UID/GID 10001:10000, but now systems are trying to rw these files as 3000026:100. I'm getting permission denied errors, esp. in IMAP folders. > > How can I fix this? Help! Urgent! > > THX --Mark > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >