On Thu, 26 Feb 2015 22:41:58 +0000
Rowland Penny <rowlandpenny at googlemail.com> wrote:

> Try 'samba-tool user add --help'
> All the info you require is there.
>
> Rowland

Still fail:

Used pdbedit to remove the previous user wynkoop

used samba-tool to add user wynkoop with specific UID and GID

I then connected as user wynkoop with smbclient and uploaded a file
to /archive/test

root at prd2:/usr/local/etc # samba-tool user add wynkoop --gid-number=34
--uid=34 --gecos="Brett Wynkoop" --login-shell=/usr/local/bin/bash
--home-directory=/home/wynkoop
New Password:
Retype Password:
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[archive]"
pm_process() returned Yes
You are setting a Unix/RFC2307 UID or GID. You may want to set
'idmap_ldb:use rfc2307 = Yes' to use those attributes for
XID/SID-mapping.
User 'wynkoop' created successfully
root at prd2:/usr/local/etc # cd /archive/test
root at prd2:/archive/test # ls -l
total 3
-rw-r--r-- 1 3000014 wheel 6148 Feb 22 03:37 .DS_Store
-rw-r--r-- 1 3000011 wheel 381 Feb 26 18:18 profile
root at prd2:/archive/test #

Needless to say where it says 3000011 I expect it to see wynkoop since
I am in the local password file on that system with UID 34.

-Brett

--
wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925
929-272-0000

If cowardly and dishonorable men sometimes shoot unarmed men with army
pistols or guns, the evil must be prevented by the penitentiary and
gallows, and not by a general deprivation of a constitutional privilege.

-Honorable J. A. Williams, Circuit Judge -
Wilson v. State, 33 Ark. 557, 34 Am. Rep. 52 (1878).

On 26/02/15 23:30, Brett Wynkoop wrote:

> On Thu, 26 Feb 2015 22:41:58 +0000
> Rowland Penny <rowlandpenny at googlemail.com> wrote:
>
>> Try 'samba-tool user add --help'
>> All the info you require is there.
>>
>> Rowland
>>
> Still fail:
>
> Used pdbedit to remove the previous user wynkoop
>
> used samba-tool to add user wynkoop with specific UID and GID
>
> I then connected as user wynkoop with smbclient and uploaded a file
> to /archive/test
>
> root at prd2:/usr/local/etc # samba-tool user add wynkoop --gid-number=34
> --uid=34 --gecos="Brett Wynkoop" --login-shell=/usr/local/bin/bash
> --home-directory=/home/wynkoop
> New Password:
> Retype Password:
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[archive]"
> pm_process() returned Yes
> You are setting a Unix/RFC2307 UID or GID. You may want to set
> 'idmap_ldb:use rfc2307 = Yes' to use those attributes for
> XID/SID-mapping.
> User 'wynkoop' created successfully
> root at prd2:/usr/local/etc # cd /archive/test
> root at prd2:/archive/test # ls -l
> total 3
> -rw-r--r-- 1 3000014 wheel 6148 Feb 22 03:37 .DS_Store
> -rw-r--r-- 1 3000011 wheel 381 Feb 26 18:18 profile
> root at prd2:/archive/test #
>
> Needless to say where it says 3000011 I expect it to see wynkoop since
> I am in the local password file on that system with UID 34.
>
> -Brett

34, you are seriously using 34 for a standard user id number? You
shouldn't use anything below 1000 for a normal user, these low
numbers are reserved for system use and you have run into a problem
that can only be fixed by not using such low numbers. The 3000014
number is coming from idmap.ldb but the group number is coming
from /etc/group (or whatever it is called on FreeBSD)

Rowland

On Fri, 27 Feb 2015 00:18:24 +0000
Rowland Penny <rowlandpenny at googlemail.com> wrote:

> 34, you are seriously using 34 for a standard user id number? You
> shouldn't use anything below 1000 for a normal user, these low
> numbers are reserved for system use and you have run into a problem
> that can only be fixed by not using such low numbers. The 3000014
> number is coming from idmap.ldb but the group number is coming
> from /etc/group (or whatever it is called on FreeBSD)
>
> Rowland

Rowland-

Again wind issues forth with no meaning. Where does your "Wisdom"
about no UID below 1000 come from? Back 30 years ago when I started
with Unix, and this network was first set up the normal practice was to
start regular users at 100, with below 100 being reserved for SYSTEMS
STAFF and System Processes. Typically on a stock Sun box running NIS
the NIS maps were built starting at 100 and systems staff were below
that so that if NIS failed systems staff could still log into a box to
fix things.

As I recall the UID starting convention for POSIX systems started to
creep higher than 100 with the copy-cat called GNU/Linux. If I recall
correctly the first time I saw 501 as a default starting UID was with
Debian years ago. Every Mac that rolls off the factory floor is set to
start ordinary users at 501 today.

Yes many of the various GNU/Linux distributions have adopted 1000 and
above for REGULAR USERS, but there is no technical reason for it, and
in fact unless, as is the case with NIS, there is a table saying do not
put this UID in the map there is no reason that 34 should not happily
go into the Samba directory service. I will take a moment to point out
in the case of NIS it was, and is possible by changing a single thing
in the Makefile used for making the maps to set whatever cutoff UID you
wish, and to include random UIDs in the maps as well. I would submit
that if Samba can not do this then Samba 4 is broken.

What is even more broken is that samba-tool silently accepted 34 as a
UID and created the samba user. If UIDs below 1000 are forbidden then
a properly written program would have thrown an exception.

There are many TB of data on the network. Most of the UIDs are below
1000, in fact most are below 500. Can you provide considered technical
reasons that Samba can NO LONGER HANDLE whatever UID the admin wishes
to assign?

It would seem to me what you said is "You found a bug and the samba
core team does not want to fix it", but what do I know I have only been
hacking on Unix boxes since about 1982 or 1983.

If anyone else on the list has insight into the situation I would
appreciate hearing from you. I am too involved in the FreeBSD arm port
to devote time to reading the samba sources to find the bug.

-Brett

--
wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925
929-272-0000

"The strongest reason for the people to retain the right to keep and
bear arms is, as a last resort, to protect themselves against tyranny
in government" - Thomas Jefferson.

Did you read this post by Nigel W?

"samba-tool user add two Passw0rd --uid-number=101 --gid-number=1\
--login-shell=/bin/bash --home-directory=/home/two

One thing that tripped me up, --uid is for the username, --uid-number is
what we are interested in."
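
The check below is an added example, not code from the thread or from Samba: it lints a `samba-tool user add` command line for the `--uid` / `--uid-number` mix-up pointed out above and for the `idmap_ldb:use rfc2307` hint that samba-tool printed in the first message. The function names, finding labels and the simplified smb.conf matching are assumptions made for illustration.

```python
import re
import shlex

# Simplified matcher for the smb.conf setting named in samba-tool's hint.
RFC2307_RE = re.compile(
    r"^\s*idmap_ldb\s*:\s*use\s+rfc2307\s*=\s*(\S+)", re.I | re.M)

def rfc2307_enabled(smb_conf_text):
    """True if the last 'idmap_ldb:use rfc2307' line is switched on."""
    values = RFC2307_RE.findall(smb_conf_text)
    return bool(values) and values[-1].lower() in ("yes", "true", "1", "on")

def parse_opts(cmdline):
    """Map long options to values; accepts --opt=value and --opt value."""
    argv = shlex.split(cmdline)
    opts, i = {}, 0
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("--"):
            name, sep, value = arg.partition("=")
            nxt = argv[i + 1] if i + 1 < len(argv) else "--"
            if not sep and not nxt.startswith("--"):
                value, i = nxt, i + 1
            opts[name] = value
        i += 1
    return opts

def lint_user_add(cmdline, smb_conf_text=""):
    """Return labels (hypothetical names) for UID-mapping mistakes."""
    opts = parse_opts(cmdline)
    findings = []
    # Per the quoted post, --uid is the username; a bare number here
    # was most likely intended for --uid-number.
    if opts.get("--uid", "").isdigit():
        findings.append("numeric-value-in-uid")
    if "--gid-number" in opts and "--uid-number" not in opts:
        findings.append("gid-number-without-uid-number")
    # samba-tool's hint: the attributes are used for XID/SID mapping
    # when 'idmap_ldb:use rfc2307' is enabled.
    wants_ids = "--uid-number" in opts or "--gid-number" in opts
    if wants_ids and not rfc2307_enabled(smb_conf_text):
        findings.append("rfc2307-mapping-not-enabled")
    return findings

# Constructed inputs: the two commands quoted in the thread, on one line.
FIRST = ('samba-tool user add wynkoop --gid-number=34 --uid=34 '
         '--gecos="Brett Wynkoop" --login-shell=/usr/local/bin/bash '
         '--home-directory=/home/wynkoop')
SECOND = ('samba-tool user add two Passw0rd --uid-number=101 '
          '--gid-number=1 --login-shell=/bin/bash --home-directory=/home/two')
CONF = "[global]\n    idmap_ldb:use rfc2307 = yes\n"  # constructed
```

Calling `lint_user_add(FIRST)` reports all three findings for the command from the first message, while `lint_user_add(SECOND, CONF)` returns an empty list.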