thr3ads.net - samba - [Samba] Strange GID and UID with winbindd + Samba AD DC [Mar 2014]

If this information is useful, please help other people find it:
Share via:

Chan Min Wai

2014-Mar-12 19:49 UTC

[Samba] Strange GID and UID with winbindd + Samba AD DC

Dear All,

I've some strange entry on my getent as shown below.
It seem that

There are some strange value UID/GID
4294967295 <-- what number is this?

I get this info from my Domain member which serving as a files server.

Also some different GID from Samba AD DC

E.g wbinfo from AD DC (default configuration after classical migratation)
--> AD DC have no winbind configuration.
wbinfo --group-info=mtcuser
AMTB-WORKGROUP\mtcuser:*:10002:
(GID is not show correctly on winbind of domain member)



==Domain Member result=getent group
{snap major local group}
nullmail:x:88:
sqlservermssqlserveradhelperuser$win2k8srv01:x:4294967295:
allowed rodc password replication group:x:4294967295:
enterprise read-only domain controllers:x:4294967295:
sqlserver2005sqlbrowseruser$win2k8srv01:x:4294967295:
denied rodc password replication group:x:4294967295:krbtgt
read-only domain controllers:x:4294967295:
group policy creator owners:x:4294967295:administrator
docs:x:508:user002,user003,
software:x:511:dcmwai
finance:x:1005:dcmwai
mtcusers:x:4294967295:llchai,mtcuser01
ras and ias servers:x:4294967295:
domain controllers:x:4294967295:
enterprise admins:x:4294967295:administrator
web:x:510:dcmwai,mwchan
domain computers:x:515:
cert publishers:x:4294967295:
amtbkladmin:x:4294967295:dcmwai,amtbadmin,administrator
mirageadmin:x:4294967295:miragesvc
dnsupdateproxy:x:4294967295:
domain admins:x:512:dcmwai,administrator
domain guests:x:514:
schema admins:x:4294967295:administrator
domain users:x:513:
dnsadmins:x:4294967295:


getent passwd


avuser1:*:1036:513:avuser1:/home/avuser1:/bin/bash
avuser2:*:1037:513:avuser2:/home/avuser2:/bin/bash
user001:*:1012:513:user001:/home/user001:/bin/bash
user002:*:1064:513:user002:/home/user002:/bin/bash
user003:*:1065:513:user003:/home/user003:/bin/bash
dcmwai:*:1014:513:dcmwai:/home/dcmwai:/bin/bash
mwchan:*:10000:513:mwchan:/home/mwchan:/bin/bash
recep1:*:1021:513:recep1:/home/recep1:/bin/bash
recep2:*:1022:513:recep2:/home/recep2:/bin/bash
mtcuser01:*:1074:513:mtcuser01:/home/mtcuser01:/bin/bash
dns-amtbserver:*:4294967295:513:dns-amtbserver:/home/AMTB-WORKGROUP/dns-amtbserver:/bin/false
administrator:*:10005:513:Administrator:/home/Administrator:/bin/sh
amtbadmin:*:10004:513:amtbadmin:/home/amtbadmin:/bin/bash
dns-amtbsrv02:*:4294967295:513:dns-AMTBSRV02:/home/AMTB-WORKGROUP/dns-amtbsrv02:/bin/false
miragesvc:*:10002:513:miragesvc:/home/miragesvc:/bin/sh
krbtgt:*:4294967295:513:krbtgt:/home/AMTB-WORKGROUP/krbtgt:/bin/false
guest:*:65534:514:Guest:/var/empty:/bin/false


Anyone can advise what is going on?

Thank You.

Chan Min Wai

2014-Mar-13 15:41 UTC

head link

[Samba] Strange GID and UID with winbindd + Samba AD DC

Dear All,

Any one have any idea?

this is part of the config files which I think should be related.

But I cannot see which part caused the issue.
The users can access the files and folder but the problem are the large
uid/gid and also wrong gid..

Thank You

[global]
        workgroup = AMTB-WORKGROUP
        security = ADS
        realm = KL01.AMTB-M.ORG.MY
        idmap config AMTB-WORKGROUP : backend = ad
        idmap config AMTB-WORKGROUP : schema_mode = rfc2307
        idmap config AMTB-WORKGROUP : range = 10000-849999

        winbind nss info = rfc2307
        winbind enum groups = yes
        winbind enum users = yes
        winbind use default domain = Yes

        winbind cache time = 300
        winbind refresh tickets = yes
        winbind offline logon = yes
        winbind nested groups = yes
        winbind max clients = 500

        netbios name = AmtbCluster



On Thu, Mar 13, 2014 at 3:49 AM, Chan Min Wai <dcmwai at gmail.com> wrote:
> Dear All,
>
> I've some strange entry on my getent as shown below.
> It seem that
>
> There are some strange value UID/GID
> 4294967295 <-- what number is this?
>
> I get this info from my Domain member which serving as a files server.
>
> Also some different GID from Samba AD DC
>
> E.g wbinfo from AD DC (default configuration after classical migratation)
> --> AD DC have no winbind configuration.
> wbinfo --group-info=mtcuser
> AMTB-WORKGROUP\mtcuser:*:10002:
> (GID is not show correctly on winbind of domain member)
>
>
>
> ==Domain Member result=> getent group
> {snap major local group}
> nullmail:x:88:
> sqlservermssqlserveradhelperuser$win2k8srv01:x:4294967295:
> allowed rodc password replication group:x:4294967295:
> enterprise read-only domain controllers:x:4294967295:
> sqlserver2005sqlbrowseruser$win2k8srv01:x:4294967295:
> denied rodc password replication group:x:4294967295:krbtgt
> read-only domain controllers:x:4294967295:
> group policy creator owners:x:4294967295:administrator
> docs:x:508:user002,user003,
> software:x:511:dcmwai
> finance:x:1005:dcmwai
> mtcusers:x:4294967295:llchai,mtcuser01
> ras and ias servers:x:4294967295:
> domain controllers:x:4294967295:
> enterprise admins:x:4294967295:administrator
> web:x:510:dcmwai,mwchan
> domain computers:x:515:
> cert publishers:x:4294967295:
> amtbkladmin:x:4294967295:dcmwai,amtbadmin,administrator
> mirageadmin:x:4294967295:miragesvc
> dnsupdateproxy:x:4294967295:
> domain admins:x:512:dcmwai,administrator
> domain guests:x:514:
> schema admins:x:4294967295:administrator
> domain users:x:513:
> dnsadmins:x:4294967295:
>
>
> getent passwd
>
>
> avuser1:*:1036:513:avuser1:/home/avuser1:/bin/bash
> avuser2:*:1037:513:avuser2:/home/avuser2:/bin/bash
> user001:*:1012:513:user001:/home/user001:/bin/bash
> user002:*:1064:513:user002:/home/user002:/bin/bash
> user003:*:1065:513:user003:/home/user003:/bin/bash
> dcmwai:*:1014:513:dcmwai:/home/dcmwai:/bin/bash
> mwchan:*:10000:513:mwchan:/home/mwchan:/bin/bash
> recep1:*:1021:513:recep1:/home/recep1:/bin/bash
> recep2:*:1022:513:recep2:/home/recep2:/bin/bash
> mtcuser01:*:1074:513:mtcuser01:/home/mtcuser01:/bin/bash
>
>
dns-amtbserver:*:4294967295:513:dns-amtbserver:/home/AMTB-WORKGROUP/dns-amtbserver:/bin/false
> administrator:*:10005:513:Administrator:/home/Administrator:/bin/sh
> amtbadmin:*:10004:513:amtbadmin:/home/amtbadmin:/bin/bash
>
>
dns-amtbsrv02:*:4294967295:513:dns-AMTBSRV02:/home/AMTB-WORKGROUP/dns-amtbsrv02:/bin/false
> miragesvc:*:10002:513:miragesvc:/home/miragesvc:/bin/sh
> krbtgt:*:4294967295:513:krbtgt:/home/AMTB-WORKGROUP/krbtgt:/bin/false
> guest:*:65534:514:Guest:/var/empty:/bin/false
>
>
> Anyone can advise what is going on?
>
> Thank You.
>

Possibly Parallel Threads

Search for more apparently analagous threads

samba - Mar 2014 - Strange GID and UID with winbindd + Samba AD DC

[Samba] Strange GID and UID with winbindd + Samba AD DC

[Samba] Strange GID and UID with winbindd + Samba AD DC

Possibly Parallel Threads