Kees van Vloten
2023-May-14  19:47 UTC
[Samba] samba users at boot, the same local and samba user bug has gone
On 14-05-2023 21:39, Rowland Penny via samba wrote:
>
> On 14/05/2023 20:32, Kees van Vloten via samba wrote:
>
>> The uid + gid are the unique identifier of a user in Linux, the name
>> is only relevant for the translation of number (uid) to name.
>>
>> I.e. a local-user == domain-user when uid + gid are identical.
>>
>> My nsswitch.conf prefers local-users over domain-users:
>>
>> passwd:         files systemd winbind
>> group:          files systemd winbind
>> shadow:         files
>> gshadow:        files
>>
>> But when I do "id <user>" on a user that exists locally and in the
>> domain I get the list of groups of both local + domain concatenated
>> as one long list.
>>
>> Would it be viewed as two separate users that would not happen.
>>
>> - Kees.
>
> OK, I should have posted that as well:
>
> adminuser@lmde5:~$ id unixuser
> uid=1001(unixuser) gid=1001(unixuser) groups=1001(unixuser),13105(unixuser),10513(domain users),3001(BUILTIN\users)
>
> adminuser@lmde5:~$ id SAMDOM\\unixuser
> uid=13105(unixuser) gid=10513(domain users) groups=10513(domain users),13105(unixuser),3001(BUILTIN\users)
>
> Still think they are the same user ?
>
> Rowland

I do !

But only when uid + gid are identical (which is not the case for your user):

id samdom\\user1
uid=1114(user1) gid=1114(user1) groups=1114(user1),100(users),978(ssh-users),10000(domain users),10123(acl-app_group-access),1000001(BUILTIN\users)

id user1
uid=1114(user1) gid=1114(user1) groups=1114(user1),100(users),978(ssh-users),10000(domain users),10123(acl-app_group-access),1000001(BUILTIN\users)

I get exactly the same list of groups for both.

- Kees.
Rowland Penny
2023-May-14  19:58 UTC
[Samba] samba users at boot, the same local and samba user bug has gone
On 14/05/2023 20:47, Kees van Vloten via samba wrote:
>
> On 14-05-2023 21:39, Rowland Penny via samba wrote:
>>
>> On 14/05/2023 20:32, Kees van Vloten via samba wrote:
>>
>>> The uid + gid are the unique identifier of a user in Linux, the name
>>> is only relevant for the translation of number (uid) to name.
>>>
>>> I.e. a local-user == domain-user when uid + gid are identical.
>>>
>>> My nsswitch.conf prefers local-users over domain-users:
>>>
>>> passwd:         files systemd winbind
>>> group:          files systemd winbind
>>> shadow:         files
>>> gshadow:        files
>>>
>>> But when I do "id <user>" on a user that exists locally and in the
>>> domain I get the list of groups of both local + domain concatenated
>>> as one long list.
>>>
>>> Would it be viewed as two separate users that would not happen.
>>>
>>> - Kees.
>>
>> OK, I should have posted that as well:
>>
>> adminuser@lmde5:~$ id unixuser
>> uid=1001(unixuser) gid=1001(unixuser) groups=1001(unixuser),13105(unixuser),10513(domain users),3001(BUILTIN\users)
>>
>> adminuser@lmde5:~$ id SAMDOM\\unixuser
>> uid=13105(unixuser) gid=10513(domain users) groups=10513(domain users),13105(unixuser),3001(BUILTIN\users)
>>
>> Still think they are the same user ?
>>
>> Rowland
>
> I do !
>
> But only when uid + gid are identical (which is not the case for your
> user):
>
> id samdom\\user1
> uid=1114(user1) gid=1114(user1) groups=1114(user1),100(users),978(ssh-users),10000(domain users),10123(acl-app_group-access),1000001(BUILTIN\users)
>
> id user1
> uid=1114(user1) gid=1114(user1) groups=1114(user1),100(users),978(ssh-users),10000(domain users),10123(acl-app_group-access),1000001(BUILTIN\users)
>
> I get exactly the same list of groups for both.
>
> - Kees.

I think that you are using the 'ad' idmap backend, but I am not sure what on, a DC ?

What I am trying to get across is, there is no reason to have two users with the same name, one in /etc/passwd and one in AD.
The one in /etc/passwd is unknown to AD, but the one in AD can very easily become a Unix user.

Rowland
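An added example, not part of either poster's message: a small Python check that compares `id` output for a bare name and for the domain-qualified name by number rather than by name, since file ownership and permission checks use the numeric uid and gid. The sample lines are the outputs quoted in the thread with the mail line wraps rejoined; the function and constant names are made up for this example.

```python
import re

# uid/gid names are optional: `id` prints a bare number when it cannot resolve one.
ID_LINE = re.compile(r"uid=(\d+)(?:\([^)]*\))?\s+gid=(\d+)(?:\([^)]*\))?\s+groups=(.*)$")
# Group names may contain spaces ("domain users"), so match number(name) pairs
# instead of splitting the line on whitespace.
GROUP = re.compile(r"(\d+)(?:\(([^)]*)\))?")

def parse_id(line):
    """Turn one line of `id` output into numeric uid, gid and {gid: name}."""
    m = ID_LINE.search(line.strip())
    if m is None:
        raise ValueError(f"not `id` output: {line!r}")
    groups = {int(num): name for num, name in GROUP.findall(m.group(3))}
    return {"uid": int(m.group(1)), "gid": int(m.group(2)), "groups": groups}

def compare(bare_line, qualified_line):
    """Compare `id` output for the bare and the domain-qualified name by number."""
    a, b = parse_id(bare_line), parse_id(qualified_line)
    return {
        "same_identity": (a["uid"], a["gid"]) == (b["uid"], b["gid"]),
        "only_bare": sorted(set(a["groups"]) - set(b["groups"])),
        "only_qualified": sorted(set(b["groups"]) - set(a["groups"])),
    }

# Sample input taken from the thread (raw strings keep the backslash literal).
ROWLAND_BARE = r"uid=1001(unixuser) gid=1001(unixuser) groups=1001(unixuser),13105(unixuser),10513(domain users),3001(BUILTIN\users)"
ROWLAND_QUALIFIED = r"uid=13105(unixuser) gid=10513(domain users) groups=10513(domain users),13105(unixuser),3001(BUILTIN\users)"
KEES_BARE = r"uid=1114(user1) gid=1114(user1) groups=1114(user1),100(users),978(ssh-users),10000(domain users),10123(acl-app_group-access),1000001(BUILTIN\users)"
KEES_QUALIFIED = KEES_BARE  # the thread shows identical output for samdom\\user1

if __name__ == "__main__":
    for label, bare, qualified in (
        ("unixuser", ROWLAND_BARE, ROWLAND_QUALIFIED),
        ("user1", KEES_BARE, KEES_QUALIFIED),
    ):
        print(label, compare(bare, qualified))
```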