samba - Aug 2015 - Samba4 DC/AD documents created in redirected folders with bogus UID

I just noticed that my fresh install of Samba 4.2.3 has the same behaviour.

I have a share (\\samba\it_share)) and some users when creating files have
the UID as 3000000 and some have their correct UIDs.
Share permissons are being controlled by Windows ACLs.

On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley <mfoley at novatec-inc.com>
wrote:
> More information,
>
> It appears I've had this issue since installing Samba 4.1.0 about 6
months
> ago.
> When I add a domain user, the DC resisdent redirected folder gets
> synchronized
> with the user's desktop with the correct UID.
>
> For some users, but not all, new "My Documents" get created with
UID
> 3000000 on
> the DC, not the user's correct ID as shown by wbinfo.  I haven't
been able
> to
> see a configuration difference between users who are able to create the
> files
> with the correct UID and those not.
>
> I need to figure this out soon. Otherwise, the users get error messages
> like
> "Protected View. This file came from the Internet ..." when
trying to open
> files
> originally sync'd with the correct UID.
>
> --Mark
>
> -----Original Message-----
> > From: Mark Foley <mfoley at novatec-inc.com>
> > Date: Wed, 19 Aug 2015 01:14:03 -0400
> > To: samba at lists.samba.org
> >
> > My up-front apologies if this topic has been covered. This is my first
> time
> > using this list and I don't know how to search for existing topics
yet
> ...
> >
> > I installed Samba4 on Linux Slackware 64 version 14.1 about 6 months
> ago. I set
> > up redirected folders for the Windows 7 Workstation users. All worked
> fine until
> > recently. Now, when several of the users create documents and folders
on
> their
> > "Desktop" (redirected to the DC) they are being created with
UID
> 3000000, which
> > is not a configured UID. For example:
> >
> > $ ls -ltrn "/redirectedFolders/Users/matkeson/My Documents"
> > -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17 Accounts\
> 7-1-2015.docx*
> > drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27 Correspondence/
> > -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04 testMark.docx*
> >
> > This user's actual UID is 3000045, as created months ago via
Windows
> RSAT.
> > Confirmed by:
> >
> > $ wbinfo -i matkeson
> > HPRS\matkeson:*:3000045:100:Mark
Atkeson:/home/HPRS/matkeson:/bin/false
> >
> > I did recently upgrade Samba from the originally installed 4.1.0 to
> 4.1.17 a
> > couple of weeks ago, but I can't really confirm that is when the
problem
> started
> > showing up.  I find files with this 3000000 UID on backups before the
> upgrade (I
> > think).
> >
> > This does not affect all users. I find 3 for sure it happens to and 3
> for sure
> > it does not happen to.
> >
> > I do have "idmap_ldb:use rfc2307 = yes" set in smb.conf
> >
> > THX
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
> I just noticed that my fresh install of Samba 4.2.3 has the same behaviour.
Did you get a solution?

Odd, but this topic doesn't seem to be getting much traction.  I wonder what
people are using Samba4 for.  Outside of hard-cord samba-junkies who love
spending hours testing all kinds of esoteric features, I think most serious
Samba4 AD/DC users are like me: small office, single domain with a dozen-ish
Windows workstations.  We don't have forests and trees scattered all over
the
planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
Authenticated login so users can log into any workstation, and redirected
folders so users' desktops follow them to any workstation. 

Those are the fundamentals. Other than Windows Authentication and redirected
folders, I don't really see the point of Active Directory. 

Therefore, for what I consider to be core, real-world Samba4 usage, this problem
of users' files getting created with the wrong UID seems to a top-priority
bug.

Any suggestions? Something in smb.conf, nsswitch.conf? A setting in RSAT?

--Mark

-----Original Message-----
> Date: Wed, 19 Aug 2015 14:31:33 -0300
> From: Guilherme Boing <kolt+samba at frag.com.br>
> Cc: samba <samba at lists.samba.org>
> Subject: Re: [Samba] Samba4 DC/AD documents created in redirected folders 
with bogus UID
>
> I just noticed that my fresh install of Samba 4.2.3 has the same behaviour.
>
> I have a share (\\samba\it_share)) and some users when creating files have
> the UID as 3000000 and some have their correct UIDs.
> Share permissons are being controlled by Windows ACLs.
>
> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley <mfoley at
novatec-inc.com> wrote:
>
>> More information,
>>
>> It appears I've had this issue since installing Samba 4.1.0 about 6
months
>> ago.
>> When I add a domain user, the DC resisdent redirected folder gets
>> synchronized
>> with the user's desktop with the correct UID.
>>
>> For some users, but not all, new "My Documents" get created
with UID
>> 3000000 on
>> the DC, not the user's correct ID as shown by wbinfo.  I
haven't been able
>> to
>> see a configuration difference between users who are able to create the
>> files
>> with the correct UID and those not.
>>
>> I need to figure this out soon. Otherwise, the users get error messages
>> like
>> "Protected View. This file came from the Internet ..." when
trying to open
>> files
>> originally sync'd with the correct UID.
>>
>> --Mark
>>
>> -----Original Message-----
>> > From: Mark Foley <mfoley at novatec-inc.com>
>> > Date: Wed, 19 Aug 2015 01:14:03 -0400
>> > To: samba at lists.samba.org
>> >
>> > My up-front apologies if this topic has been covered. This is my
first
>> time
>> > using this list and I don't know how to search for existing
topics yet
>> ...
>> >
>> > I installed Samba4 on Linux Slackware 64 version 14.1 about 6
months
>> ago. I set
>> > up redirected folders for the Windows 7 Workstation users. All
worked
>> fine until
>> > recently. Now, when several of the users create documents and
folders on
>> their
>> > "Desktop" (redirected to the DC) they are being created
with UID
>> 3000000, which
>> > is not a configured UID. For example:
>> >
>> > $ ls -ltrn "/redirectedFolders/Users/matkeson/My
Documents"
>> > -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17 Accounts\
>> 7-1-2015.docx*
>> > drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27 Correspondence/
>> > -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04 testMark.docx*
>> >
>> > This user's actual UID is 3000045, as created months ago via
Windows
>> RSAT.
>> > Confirmed by:
>> >
>> > $ wbinfo -i matkeson
>> > HPRS\matkeson:*:3000045:100:Mark
Atkeson:/home/HPRS/matkeson:/bin/false
>> >
>> > I did recently upgrade Samba from the originally installed 4.1.0
to
>> 4.1.17 a
>> > couple of weeks ago, but I can't really confirm that is when
the problem
>> started
>> > showing up.  I find files with this 3000000 UID on backups before
the
>> upgrade (I
>> > think).
>> >
>> > This does not affect all users. I find 3 for sure it happens to
and 3
>> for sure
>> > it does not happen to.
>> >
>> > I do have "idmap_ldb:use rfc2307 = yes" set in smb.conf
>> >
>> > THX
>> >

On 20/08/15 15:24, Mark Foley wrote:
> Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
>
>> I just noticed that my fresh install of Samba 4.2.3 has the same
behaviour.
> Did you get a solution?
>
> Odd, but this topic doesn't seem to be getting much traction.  I wonder
what
> people are using Samba4 for.  Outside of hard-cord samba-junkies who love
> spending hours testing all kinds of esoteric features, I think most serious
> Samba4 AD/DC users are like me: small office, single domain with a
dozen-ish
> Windows workstations.  We don't have forests and trees scattered all
over the
> planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
> Authenticated login so users can log into any workstation, and redirected
> folders so users' desktops follow them to any workstation.
>
> Those are the fundamentals. Other than Windows Authentication and
redirected
> folders, I don't really see the point of Active Directory.
>
> Therefore, for what I consider to be core, real-world Samba4 usage, this
problem
> of users' files getting created with the wrong UID seems to a
top-priority bug.
>
> Any suggestions? Something in smb.conf, nsswitch.conf? A setting in RSAT?
>
> --Mark
>
> -----Original Message-----
>> Date: Wed, 19 Aug 2015 14:31:33 -0300
>> From: Guilherme Boing <kolt+samba at frag.com.br>
>> Cc: samba <samba at lists.samba.org>
>> Subject: Re: [Samba] Samba4 DC/AD documents created in redirected
folders  with bogus UID
>>
>> I just noticed that my fresh install of Samba 4.2.3 has the same
behaviour.
>>
>> I have a share (\\samba\it_share)) and some users when creating files
have
>> the UID as 3000000 and some have their correct UIDs.
>> Share permissons are being controlled by Windows ACLs.
>>
>> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley <mfoley at
novatec-inc.com> wrote:
>>
>>> More information,
>>>
>>> It appears I've had this issue since installing Samba 4.1.0
about 6 months
>>> ago.
>>> When I add a domain user, the DC resisdent redirected folder gets
>>> synchronized
>>> with the user's desktop with the correct UID.
>>>
>>> For some users, but not all, new "My Documents" get
created with UID
>>> 3000000 on
>>> the DC, not the user's correct ID as shown by wbinfo.  I
haven't been able
>>> to
>>> see a configuration difference between users who are able to create
the
>>> files
>>> with the correct UID and those not.
>>>
>>> I need to figure this out soon. Otherwise, the users get error
messages
>>> like
>>> "Protected View. This file came from the Internet ..."
when trying to open
>>> files
>>> originally sync'd with the correct UID.
>>>
>>> --Mark
>>>
>>> -----Original Message-----
>>>> From: Mark Foley <mfoley at novatec-inc.com>
>>>> Date: Wed, 19 Aug 2015 01:14:03 -0400
>>>> To: samba at lists.samba.org
>>>>
>>>> My up-front apologies if this topic has been covered. This is
my first
>>> time
>>>> using this list and I don't know how to search for existing
topics yet
>>> ...
>>>> I installed Samba4 on Linux Slackware 64 version 14.1 about 6
months
>>> ago. I set
>>>> up redirected folders for the Windows 7 Workstation users. All
worked
>>> fine until
>>>> recently. Now, when several of the users create documents and
folders on
>>> their
>>>> "Desktop" (redirected to the DC) they are being
created with UID
>>> 3000000, which
>>>> is not a configured UID. For example:
>>>>
>>>> $ ls -ltrn "/redirectedFolders/Users/matkeson/My
Documents"
>>>> -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17 Accounts\
>>> 7-1-2015.docx*
>>>> drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27
Correspondence/
>>>> -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04
testMark.docx*
>>>>
>>>> This user's actual UID is 3000045, as created months ago
via Windows
>>> RSAT.
>>>> Confirmed by:
>>>>
>>>> $ wbinfo -i matkeson
>>>> HPRS\matkeson:*:3000045:100:Mark
Atkeson:/home/HPRS/matkeson:/bin/false
>>>>
>>>> I did recently upgrade Samba from the originally installed
4.1.0 to
>>> 4.1.17 a
>>>> couple of weeks ago, but I can't really confirm that is
when the problem
>>> started
>>>> showing up.  I find files with this 3000000 UID on backups
before the
>>> upgrade (I
>>>> think).
>>>>
>>>> This does not affect all users. I find 3 for sure it happens to
and 3
>>> for sure
>>>> it does not happen to.
>>>>
>>>> I do have "idmap_ldb:use rfc2307 = yes" set in
smb.conf
>>>>
>>>> THX
>>>>
Are you sure this is a Samba problem ? '3000000' is the UID/GID (yes it 
is both) for 'S-1-5-32-544' which is the Administrators group. Are the 
problem users also members of the Administrators group? As far as I am 
aware there is nothing in Samba that sets the permissions of a share 
(apart from Sysvol and this is a special case), you have to set the 
ownership etc somewhere, from the windows security tab for instance, or 
directly on the share dir on the Samba server. I would check the windows 
machines, you may find that the problem lies there.

Rowland

>Those are the fundamentals. Other than Windows Authentication 
>and redirected
>folders, I don't really see the point of Active Directory.
I use Active Directory Group policies for:
settings in windows
folder redirects
printer distribution base on user or group..
software installations base on user or group..
and Single Sign On for multple systems, windows and linux. 

a nice to know a cryptovirus protection set in group policies. 
( works agains most malware ) 

So lets have al look for you, 

post your :

smb.conf
nsswitch.conf
idmap.conf ( if you have it, depends on what your doing and using ) 

id Administrator
id anyuser (no admin, with uid/gid ) 
getent passwd
getent group
getent group "Domain Users" 
getent group "Domain Admins" 

wbinfo -u 
wbinfo -g
wbinfo -p
wbinfo -t 

cat /etc/pam.d/common-password

from here we have a starter to help out. 

( out of office in 5 min, i have a look tomorrow ) 


Greetz, 

Louis

>-----Oorspronkelijk bericht-----
>Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mark Foley
>Verzonden: donderdag 20 augustus 2015 16:24
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Samba4 DC/AD documents created in 
>redirected folders with bogus UID
>
>Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
>
>> I just noticed that my fresh install of Samba 4.2.3 has the 
>same behaviour.
>
>Did you get a solution?
>
>Odd, but this topic doesn't seem to be getting much traction.  
>I wonder what
>people are using Samba4 for.  Outside of hard-cord 
>samba-junkies who love
>spending hours testing all kinds of esoteric features, I think 
>most serious
>Samba4 AD/DC users are like me: small office, single domain 
>with a dozen-ish
>Windows workstations.  We don't have forests and trees 
>scattered all over the
>planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
>Authenticated login so users can log into any workstation, and 
>redirected
>folders so users' desktops follow them to any workstation. 
>
>Those are the fundamentals. Other than Windows Authentication 
>and redirected
>folders, I don't really see the point of Active Directory. 
>
>Therefore, for what I consider to be core, real-world Samba4 
>usage, this problem
>of users' files getting created with the wrong UID seems to a 
>top-priority bug.
>
>Any suggestions? Something in smb.conf, nsswitch.conf? A 
>setting in RSAT?
>
>--Mark
>
>-----Original Message-----
>> Date: Wed, 19 Aug 2015 14:31:33 -0300
>> From: Guilherme Boing <kolt+samba at frag.com.br>
>> Cc: samba <samba at lists.samba.org>
>> Subject: Re: [Samba] Samba4 DC/AD documents created in 
>redirected folders  with bogus UID
>>
>> I just noticed that my fresh install of Samba 4.2.3 has the 
>same behaviour.
>>
>> I have a share (\\samba\it_share)) and some users when 
>creating files have
>> the UID as 3000000 and some have their correct UIDs.
>> Share permissons are being controlled by Windows ACLs.
>>
>> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley 
><mfoley at novatec-inc.com> wrote:
>>
>>> More information,
>>>
>>> It appears I've had this issue since installing Samba 4.1.0 
>about 6 months
>>> ago.
>>> When I add a domain user, the DC resisdent redirected folder gets
>>> synchronized
>>> with the user's desktop with the correct UID.
>>>
>>> For some users, but not all, new "My Documents" get
created with UID
>>> 3000000 on
>>> the DC, not the user's correct ID as shown by wbinfo.  I 
>haven't been able
>>> to
>>> see a configuration difference between users who are able 
>to create the
>>> files
>>> with the correct UID and those not.
>>>
>>> I need to figure this out soon. Otherwise, the users get 
>error messages
>>> like
>>> "Protected View. This file came from the Internet ..."
when
>trying to open
>>> files
>>> originally sync'd with the correct UID.
>>>
>>> --Mark
>>>
>>> -----Original Message-----
>>> > From: Mark Foley <mfoley at novatec-inc.com>
>>> > Date: Wed, 19 Aug 2015 01:14:03 -0400
>>> > To: samba at lists.samba.org
>>> >
>>> > My up-front apologies if this topic has been covered. 
>This is my first
>>> time
>>> > using this list and I don't know how to search for 
>existing topics yet
>>> ...
>>> >
>>> > I installed Samba4 on Linux Slackware 64 version 14.1 
>about 6 months
>>> ago. I set
>>> > up redirected folders for the Windows 7 Workstation 
>users. All worked
>>> fine until
>>> > recently. Now, when several of the users create documents 
>and folders on
>>> their
>>> > "Desktop" (redirected to the DC) they are being
created with UID
>>> 3000000, which
>>> > is not a configured UID. For example:
>>> >
>>> > $ ls -ltrn "/redirectedFolders/Users/matkeson/My
Documents"
>>> > -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17 Accounts\
>>> 7-1-2015.docx*
>>> > drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27
Correspondence/
>>> > -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04
testMark.docx*
>>> >
>>> > This user's actual UID is 3000045, as created months ago 
>via Windows
>>> RSAT.
>>> > Confirmed by:
>>> >
>>> > $ wbinfo -i matkeson
>>> > HPRS\matkeson:*:3000045:100:Mark 
>Atkeson:/home/HPRS/matkeson:/bin/false
>>> >
>>> > I did recently upgrade Samba from the originally 
>installed 4.1.0 to
>>> 4.1.17 a
>>> > couple of weeks ago, but I can't really confirm that is 
>when the problem
>>> started
>>> > showing up.  I find files with this 3000000 UID on 
>backups before the
>>> upgrade (I
>>> > think).
>>> >
>>> > This does not affect all users. I find 3 for sure it 
>happens to and 3
>>> for sure
>>> > it does not happen to.
>>> >
>>> > I do have "idmap_ldb:use rfc2307 = yes" set in
smb.conf
>>> >
>>> > THX
>>> >
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

>-----Oorspronkelijk bericht-----
>Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: donderdag 20 augustus 2015 16:56
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Samba4 DC/AD documents created in 
>redirected folders with bogus UID
>
>On 20/08/15 15:24, Mark Foley wrote:
>> Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
>>
>>> I just noticed that my fresh install of Samba 4.2.3 has the 
>same behaviour.
>> Did you get a solution?
>>
>> Odd, but this topic doesn't seem to be getting much 
>traction.  I wonder what
>> people are using Samba4 for.  Outside of hard-cord 
>samba-junkies who love
>> spending hours testing all kinds of esoteric features, I 
>think most serious
>> Samba4 AD/DC users are like me: small office, single domain 
>with a dozen-ish
>> Windows workstations.  We don't have forests and trees 
>scattered all over the
>> planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
>> Authenticated login so users can log into any workstation, 
>and redirected
>> folders so users' desktops follow them to any workstation.
>>
>> Those are the fundamentals. Other than Windows 
>Authentication and redirected
>> folders, I don't really see the point of Active Directory.
>>
>> Therefore, for what I consider to be core, real-world Samba4 
>usage, this problem
>> of users' files getting created with the wrong UID seems to 
>a top-priority bug.
>>
>> Any suggestions? Something in smb.conf, nsswitch.conf? A 
>setting in RSAT?
>>
>> --Mark
>>
>> -----Original Message-----
>>> Date: Wed, 19 Aug 2015 14:31:33 -0300
>>> From: Guilherme Boing <kolt+samba at frag.com.br>
>>> Cc: samba <samba at lists.samba.org>
>>> Subject: Re: [Samba] Samba4 DC/AD documents created in 
>redirected folders  with bogus UID
>>>
>>> I just noticed that my fresh install of Samba 4.2.3 has the 
>same behaviour.
>>>
>>> I have a share (\\samba\it_share)) and some users when 
>creating files have
>>> the UID as 3000000 and some have their correct UIDs.
>>> Share permissons are being controlled by Windows ACLs.
>>>
>>> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley 
><mfoley at novatec-inc.com> wrote:
>>>
>>>> More information,
>>>>
>>>> It appears I've had this issue since installing Samba 
>4.1.0 about 6 months
>>>> ago.
>>>> When I add a domain user, the DC resisdent redirected folder
gets
>>>> synchronized
>>>> with the user's desktop with the correct UID.
>>>>
>>>> For some users, but not all, new "My Documents" get 
>created with UID
>>>> 3000000 on
>>>> the DC, not the user's correct ID as shown by wbinfo.  I 
>haven't been able
>>>> to
>>>> see a configuration difference between users who are able 
>to create the
>>>> files
>>>> with the correct UID and those not.
>>>>
>>>> I need to figure this out soon. Otherwise, the users get 
>error messages
>>>> like
>>>> "Protected View. This file came from the Internet
..."
>when trying to open
>>>> files
>>>> originally sync'd with the correct UID.
>>>>
>>>> --Mark
>>>>
>>>> -----Original Message-----
>>>>> From: Mark Foley <mfoley at novatec-inc.com>
>>>>> Date: Wed, 19 Aug 2015 01:14:03 -0400
>>>>> To: samba at lists.samba.org
>>>>>
>>>>> My up-front apologies if this topic has been covered. 
>This is my first
>>>> time
>>>>> using this list and I don't know how to search for 
>existing topics yet
>>>> ...
>>>>> I installed Samba4 on Linux Slackware 64 version 14.1 
>about 6 months
>>>> ago. I set
>>>>> up redirected folders for the Windows 7 Workstation 
>users. All worked
>>>> fine until
>>>>> recently. Now, when several of the users create documents 
>and folders on
>>>> their
>>>>> "Desktop" (redirected to the DC) they are being
created with UID
>>>> 3000000, which
>>>>> is not a configured UID. For example:
>>>>>
>>>>> $ ls -ltrn "/redirectedFolders/Users/matkeson/My
Documents"
>>>>> -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17 Accounts\
>>>> 7-1-2015.docx*
>>>>> drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27
Correspondence/
>>>>> -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04
testMark.docx*
>>>>>
>>>>> This user's actual UID is 3000045, as created months
ago
>via Windows
>>>> RSAT.
>>>>> Confirmed by:
>>>>>
>>>>> $ wbinfo -i matkeson
>>>>> HPRS\matkeson:*:3000045:100:Mark 
>Atkeson:/home/HPRS/matkeson:/bin/false
>>>>>
>>>>> I did recently upgrade Samba from the originally 
>installed 4.1.0 to
>>>> 4.1.17 a
>>>>> couple of weeks ago, but I can't really confirm that is
>when the problem
>>>> started
>>>>> showing up.  I find files with this 3000000 UID on 
>backups before the
>>>> upgrade (I
>>>>> think).
>>>>>
>>>>> This does not affect all users. I find 3 for sure it 
>happens to and 3
>>>> for sure
>>>>> it does not happen to.
>>>>>
>>>>> I do have "idmap_ldb:use rfc2307 = yes" set in
smb.conf
>>>>>
>>>>> THX
>>>>>
>
>Are you sure this is a Samba problem ? '3000000' is the 
>UID/GID (yes it 
>is both) for 'S-1-5-32-544' which is the Administrators group. Are
the
>problem users also members of the Administrators group? As far as I am 
>aware there is nothing in Samba that sets the permissions of a share 
>(apart from Sysvol and this is a special case), you have to set the 
>ownership etc somewhere, from the windows security tab for 
>instance, or 
>directly on the share dir on the Samba server. I would check 
>the windows 
>machines, you may find that the problem lies there.
>
>Rowland
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>
Ah.. 
If thats the case.. 

I bet, the following, these 2 users... the speak of.. 

one has "Domain Admins" as primary group
the other "Domain Users" as primary group

If that the case, set all user to "Domain Users" as primary group in
the UNIX tab

and NEVER work as Admin/Administrator, always as a user.
If you for some reason are working as Admin/Administrator, 
then your doing something wrong, is it not needed, ever imo ! 

and if your only using windows computer/users,
set this in your shares : 
acl_xattr:ignore system acl = yes 
read the man smb.conf what it does. 


Greet, 

Louis

L.P.H. van Belle,

Your off-handed comment in your message, "nice to know a cryptovirus
protection
set in group policies" got my attention!

Where is this in group policies? Our office was smacked with CryptoWall
ransomware a few weeks ago. It got in through a user browsing to a website with
an infected version of Flash. It encrypted her C: drive and most of her attached
X: drive -- which is the office Shared Storage on the NAS.

Tell me more!!

--Mark

-----Original Message-----
From: "L.P.H. van Belle" <belle at bazuin.nl>
To: "samba at lists.samba.org" <samba at lists.samba.org>
Date: Thu, 20 Aug 2015 16:56:28 +0200
Subject: Re: [Samba] Samba4 DC/AD documents created in redirected folders  with
bogus UID

[deleted]

I use Active Directory Group policies for:
settings in windows
folder redirects
printer distribution base on user or group..
software installations base on user or group..
and Single Sign On for multple systems, windows and linux. 

a nice to know a cryptovirus protection set in group policies. 
( works agains most malware ) 

[deleted]

Hai, 

Read this site :
https://www.foolishit.com/2013/10/cryptolocker-prevention/ 
and this site
https://4sysops.com/archives/stopping-cryptolocker-and-other-ransomware/

Its almost always flash, this is why i block advertising in my office.
I've never had any probem again..  Im very busy with upgrades atm, but
when im done, ill post a "on debain jessie" base squid proxy setup,
with
kerberos authentication, and the advertising blocking methode. 

a few other tips to avoid ads. 
1) upgrade to win 10
2) set cookies to allow
3) google: your choice cookie. ( the top link ) 
4) disable all tracking cookies. us canada other countries have also other
sites,
   but im upgrading my pc now, so i dont have all here.. 
5) disable flash.
6) disable location tracking

start using Edge as browser and now go to a site with lots of ads.. 
i bet you.. 99.9% of the ads are gone. 

7) Now, set your browser to never delete the cookies.
8) set your browser to block thirt party cookies.

Have fun browsing (almost) without ads. 
!! above wont block ads, but since 99% of all ads are tracking ads, which you
blocked with above settings,
you dont see ads :-)) 


Greetz, 

Louis


>-----Oorspronkelijk bericht-----
>Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mark Foley
>Verzonden: dinsdag 25 augustus 2015 06:38
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] cryptovirus protection set in group policies
>
>L.P.H. van Belle,
>
>Your off-handed comment in your message, "nice to know a 
>cryptovirus protection
>set in group policies" got my attention!
>
>Where is this in group policies? Our office was smacked with CryptoWall
>ransomware a few weeks ago. It got in through a user browsing 
>to a website with
>an infected version of Flash. It encrypted her C: drive and 
>most of her attached
>X: drive -- which is the office Shared Storage on the NAS.
>
>Tell me more!!
>
>--Mark
>
>-----Original Message-----
>From: "L.P.H. van Belle" <belle at bazuin.nl>
>To: "samba at lists.samba.org" <samba at lists.samba.org>
>Date: Thu, 20 Aug 2015 16:56:28 +0200
>Subject: Re: [Samba] Samba4 DC/AD documents created in 
>redirected folders  with bogus UID
>
>[deleted]
>
>I use Active Directory Group policies for:
>settings in windows
>folder redirects
>printer distribution base on user or group..
>software installations base on user or group..
>and Single Sign On for multple systems, windows and linux. 
>
>a nice to know a cryptovirus protection set in group policies. 
>( works agains most malware ) 
>
>[deleted]
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>