samba - Aug 2015 - Samba4 DC/AD documents created in redirected folders with bogus UID

On 20/08/15 15:24, Mark Foley wrote:
> Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
>
>> I just noticed that my fresh install of Samba 4.2.3 has the same
behaviour.
> Did you get a solution?
>
> Odd, but this topic doesn't seem to be getting much traction.  I wonder
what
> people are using Samba4 for.  Outside of hard-cord samba-junkies who love
> spending hours testing all kinds of esoteric features, I think most serious
> Samba4 AD/DC users are like me: small office, single domain with a
dozen-ish
> Windows workstations.  We don't have forests and trees scattered all
over the
> planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
> Authenticated login so users can log into any workstation, and redirected
> folders so users' desktops follow them to any workstation.
>
> Those are the fundamentals. Other than Windows Authentication and
redirected
> folders, I don't really see the point of Active Directory.
>
> Therefore, for what I consider to be core, real-world Samba4 usage, this
problem
> of users' files getting created with the wrong UID seems to a
top-priority bug.
>
> Any suggestions? Something in smb.conf, nsswitch.conf? A setting in RSAT?
>
> --Mark
>
> -----Original Message-----
>> Date: Wed, 19 Aug 2015 14:31:33 -0300
>> From: Guilherme Boing <kolt+samba at frag.com.br>
>> Cc: samba <samba at lists.samba.org>
>> Subject: Re: [Samba] Samba4 DC/AD documents created in redirected
folders  with bogus UID
>>
>> I just noticed that my fresh install of Samba 4.2.3 has the same
behaviour.
>>
>> I have a share (\\samba\it_share)) and some users when creating files
have
>> the UID as 3000000 and some have their correct UIDs.
>> Share permissons are being controlled by Windows ACLs.
>>
>> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley <mfoley at
novatec-inc.com> wrote:
>>
>>> More information,
>>>
>>> It appears I've had this issue since installing Samba 4.1.0
about 6 months
>>> ago.
>>> When I add a domain user, the DC resisdent redirected folder gets
>>> synchronized
>>> with the user's desktop with the correct UID.
>>>
>>> For some users, but not all, new "My Documents" get
created with UID
>>> 3000000 on
>>> the DC, not the user's correct ID as shown by wbinfo.  I
haven't been able
>>> to
>>> see a configuration difference between users who are able to create
the
>>> files
>>> with the correct UID and those not.
>>>
>>> I need to figure this out soon. Otherwise, the users get error
messages
>>> like
>>> "Protected View. This file came from the Internet ..."
when trying to open
>>> files
>>> originally sync'd with the correct UID.
>>>
>>> --Mark
>>>
>>> -----Original Message-----
>>>> From: Mark Foley <mfoley at novatec-inc.com>
>>>> Date: Wed, 19 Aug 2015 01:14:03 -0400
>>>> To: samba at lists.samba.org
>>>>
>>>> My up-front apologies if this topic has been covered. This is
my first
>>> time
>>>> using this list and I don't know how to search for existing
topics yet
>>> ...
>>>> I installed Samba4 on Linux Slackware 64 version 14.1 about 6
months
>>> ago. I set
>>>> up redirected folders for the Windows 7 Workstation users. All
worked
>>> fine until
>>>> recently. Now, when several of the users create documents and
folders on
>>> their
>>>> "Desktop" (redirected to the DC) they are being
created with UID
>>> 3000000, which
>>>> is not a configured UID. For example:
>>>>
>>>> $ ls -ltrn "/redirectedFolders/Users/matkeson/My
Documents"
>>>> -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17 Accounts\
>>> 7-1-2015.docx*
>>>> drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27
Correspondence/
>>>> -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04
testMark.docx*
>>>>
>>>> This user's actual UID is 3000045, as created months ago
via Windows
>>> RSAT.
>>>> Confirmed by:
>>>>
>>>> $ wbinfo -i matkeson
>>>> HPRS\matkeson:*:3000045:100:Mark
Atkeson:/home/HPRS/matkeson:/bin/false
>>>>
>>>> I did recently upgrade Samba from the originally installed
4.1.0 to
>>> 4.1.17 a
>>>> couple of weeks ago, but I can't really confirm that is
when the problem
>>> started
>>>> showing up.  I find files with this 3000000 UID on backups
before the
>>> upgrade (I
>>>> think).
>>>>
>>>> This does not affect all users. I find 3 for sure it happens to
and 3
>>> for sure
>>>> it does not happen to.
>>>>
>>>> I do have "idmap_ldb:use rfc2307 = yes" set in
smb.conf
>>>>
>>>> THX
>>>>
Are you sure this is a Samba problem ? '3000000' is the UID/GID (yes it 
is both) for 'S-1-5-32-544' which is the Administrators group. Are the 
problem users also members of the Administrators group? As far as I am 
aware there is nothing in Samba that sets the permissions of a share 
(apart from Sysvol and this is a special case), you have to set the 
ownership etc somewhere, from the windows security tab for instance, or 
directly on the share dir on the Samba server. I would check the windows 
machines, you may find that the problem lies there.

Rowland

Oooo!! You may have something there! I don't know whether these users are in
the
admin group, but they could be.  I have been messing around with admin priv in
order to allow users to be admins on their own workstations.  I've got a
Group
Policy method with computer startup script and have also created a login on the
user's workstation with the same name as the user, but as local admin. 

I'll check all this out and report back. I won't be near that computer
until
Monday.

btw - how did you know 3000000 is the Administrators group? Where is that and
the 'S-1-5-32-544' thing defined.

--Mark

-----Original Message-----
> Date: Thu, 20 Aug 2015 15:56:15 +0100
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba4 DC/AD documents created in redirected folders
with bogus UID
>
> Are you sure this is a Samba problem ? '3000000' is the UID/GID
(yes it
> is both) for 'S-1-5-32-544' which is the Administrators group. Are
the
> problem users also members of the Administrators group? As far as I am 
> aware there is nothing in Samba that sets the permissions of a share 
> (apart from Sysvol and this is a special case), you have to set the 
> ownership etc somewhere, from the windows security tab for instance, or 
> directly on the share dir on the Samba server. I would check the windows 
> machines, you may find that the problem lies there.
>
> Rowland
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> On 20/08/15 15:24, Mark Foley wrote:
> > Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
> >
> >> I just noticed that my fresh install of Samba 4.2.3 has the same
behaviour.
> > Did you get a solution?
> >
> > Odd, but this topic doesn't seem to be getting much traction.  I
wonder what
> > people are using Samba4 for.  Outside of hard-cord samba-junkies who
love
> > spending hours testing all kinds of esoteric features, I think most
serious
> > Samba4 AD/DC users are like me: small office, single domain with a
dozen-ish
> > Windows workstations.  We don't have forests and trees scattered
all over the
> > planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
> > Authenticated login so users can log into any workstation, and
redirected
> > folders so users' desktops follow them to any workstation.
> >
> > Those are the fundamentals. Other than Windows Authentication and
redirected
> > folders, I don't really see the point of Active Directory.
> >
> > Therefore, for what I consider to be core, real-world Samba4 usage,
this problem
> > of users' files getting created with the wrong UID seems to a
top-priority bug.
> >
> > Any suggestions? Something in smb.conf, nsswitch.conf? A setting in
RSAT?
> >
> > --Mark
> >
> > -----Original Message-----
> >> Date: Wed, 19 Aug 2015 14:31:33 -0300
> >> From: Guilherme Boing <kolt+samba at frag.com.br>
> >> Cc: samba <samba at lists.samba.org>
> >> Subject: Re: [Samba] Samba4 DC/AD documents created in redirected
folders  with bogus UID
> >>
> >> I just noticed that my fresh install of Samba 4.2.3 has the same
behaviour.
> >>
> >> I have a share (\\samba\it_share)) and some users when creating
files have
> >> the UID as 3000000 and some have their correct UIDs.
> >> Share permissons are being controlled by Windows ACLs.
> >>
> >> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley <mfoley at
novatec-inc.com> wrote:
> >>
> >>> More information,
> >>>
> >>> It appears I've had this issue since installing Samba
4.1.0 about 6 months
> >>> ago.
> >>> When I add a domain user, the DC resisdent redirected folder
gets
> >>> synchronized
> >>> with the user's desktop with the correct UID.
> >>>
> >>> For some users, but not all, new "My Documents" get
created with UID
> >>> 3000000 on
> >>> the DC, not the user's correct ID as shown by wbinfo.  I
haven't been able
> >>> to
> >>> see a configuration difference between users who are able to
create the
> >>> files
> >>> with the correct UID and those not.
> >>>
> >>> I need to figure this out soon. Otherwise, the users get error
messages
> >>> like
> >>> "Protected View. This file came from the Internet
..." when trying to open
> >>> files
> >>> originally sync'd with the correct UID.
> >>>
> >>> --Mark
> >>>
> >>> -----Original Message-----
> >>>> From: Mark Foley <mfoley at novatec-inc.com>
> >>>> Date: Wed, 19 Aug 2015 01:14:03 -0400
> >>>> To: samba at lists.samba.org
> >>>>
> >>>> My up-front apologies if this topic has been covered. This
is my first
> >>> time
> >>>> using this list and I don't know how to search for
existing topics yet
> >>> ...
> >>>> I installed Samba4 on Linux Slackware 64 version 14.1
about 6 months
> >>> ago. I set
> >>>> up redirected folders for the Windows 7 Workstation users.
All worked
> >>> fine until
> >>>> recently. Now, when several of the users create documents
and folders on
> >>> their
> >>>> "Desktop" (redirected to the DC) they are being
created with UID
> >>> 3000000, which
> >>>> is not a configured UID. For example:
> >>>>
> >>>> $ ls -ltrn "/redirectedFolders/Users/matkeson/My
Documents"
> >>>> -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17
Accounts\
> >>> 7-1-2015.docx*
> >>>> drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27
Correspondence/
> >>>> -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04
testMark.docx*
> >>>>
> >>>> This user's actual UID is 3000045, as created months
ago via Windows
> >>> RSAT.
> >>>> Confirmed by:
> >>>>
> >>>> $ wbinfo -i matkeson
> >>>> HPRS\matkeson:*:3000045:100:Mark
Atkeson:/home/HPRS/matkeson:/bin/false
> >>>>
> >>>> I did recently upgrade Samba from the originally installed
4.1.0 to
> >>> 4.1.17 a
> >>>> couple of weeks ago, but I can't really confirm that
is when the problem
> >>> started
> >>>> showing up.  I find files with this 3000000 UID on backups
before the
> >>> upgrade (I
> >>>> think).
> >>>>
> >>>> This does not affect all users. I find 3 for sure it
happens to and 3
> >>> for sure
> >>>> it does not happen to.
> >>>>
> >>>> I do have "idmap_ldb:use rfc2307 = yes" set in
smb.conf
> >>>>
> >>>> THX
> >>>>
>

On 20/08/15 20:33, Mark Foley wrote:
> Oooo!! You may have something there! I don't know whether these users
are in the
> admin group, but they could be.  I have been messing around with admin priv
in
> order to allow users to be admins on their own workstations.  I've got
a Group
> Policy method with computer startup script and have also created a login on
the
> user's workstation with the same name as the user, but as local admin.
>
> I'll check all this out and report back. I won't be near that
computer until
> Monday.
>
> btw - how did you know 3000000 is the Administrators group? Where is that
and
> the 'S-1-5-32-544' thing defined.
 From experience '3000000' is the only UID/GID number you can rely on to
always be the same on Samba 4 DCs. They are stored in idmap.ldb, you can 
find this in /var/lib/samba/private (on debian at least), you can read 
it with 'ldbedit -e nano -H /var/lib/samba/private/idmap.ldb

The 'S-1-5-32-544' thing is also known as a 'well known RID'

Rowland
>
> --Mark
>
> -----Original Message-----
>> Date: Thu, 20 Aug 2015 15:56:15 +0100
>> From: Rowland Penny <rowlandpenny241155 at gmail.com>
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Samba4 DC/AD documents created in redirected
folders with bogus UID
>>
>> Are you sure this is a Samba problem ? '3000000' is the UID/GID
(yes it
>> is both) for 'S-1-5-32-544' which is the Administrators group.
Are the
>> problem users also members of the Administrators group? As far as I am
>> aware there is nothing in Samba that sets the permissions of a share
>> (apart from Sysvol and this is a special case), you have to set the
>> ownership etc somewhere, from the windows security tab for instance, or
>> directly on the share dir on the Samba server. I would check the
windows
>> machines, you may find that the problem lies there.
>>
>> Rowland
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>> On 20/08/15 15:24, Mark Foley wrote:
>>> Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
>>>
>>>> I just noticed that my fresh install of Samba 4.2.3 has the
same behaviour.
>>> Did you get a solution?
>>>
>>> Odd, but this topic doesn't seem to be getting much traction. 
I wonder what
>>> people are using Samba4 for.  Outside of hard-cord samba-junkies
who love
>>> spending hours testing all kinds of esoteric features, I think most
serious
>>> Samba4 AD/DC users are like me: small office, single domain with a
dozen-ish
>>> Windows workstations.  We don't have forests and trees
scattered all over the
>>> planet.  For us, AD/DC is used for: DNS, DHCP, mail server, Windows
>>> Authenticated login so users can log into any workstation, and
redirected
>>> folders so users' desktops follow them to any workstation.
>>>
>>> Those are the fundamentals. Other than Windows Authentication and
redirected
>>> folders, I don't really see the point of Active Directory.
>>>
>>> Therefore, for what I consider to be core, real-world Samba4 usage,
this problem
>>> of users' files getting created with the wrong UID seems to a
top-priority bug.
>>>
>>> Any suggestions? Something in smb.conf, nsswitch.conf? A setting in
RSAT?
>>>
>>> --Mark
>>>
>>> -----Original Message-----
>>>> Date: Wed, 19 Aug 2015 14:31:33 -0300
>>>> From: Guilherme Boing <kolt+samba at frag.com.br>
>>>> Cc: samba <samba at lists.samba.org>
>>>> Subject: Re: [Samba] Samba4 DC/AD documents created in
redirected folders  with bogus UID
>>>>
>>>> I just noticed that my fresh install of Samba 4.2.3 has the
same behaviour.
>>>>
>>>> I have a share (\\samba\it_share)) and some users when creating
files have
>>>> the UID as 3000000 and some have their correct UIDs.
>>>> Share permissons are being controlled by Windows ACLs.
>>>>
>>>> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley <mfoley at
novatec-inc.com> wrote:
>>>>
>>>>> More information,
>>>>>
>>>>> It appears I've had this issue since installing Samba
4.1.0 about 6 months
>>>>> ago.
>>>>> When I add a domain user, the DC resisdent redirected
folder gets
>>>>> synchronized
>>>>> with the user's desktop with the correct UID.
>>>>>
>>>>> For some users, but not all, new "My Documents"
get created with UID
>>>>> 3000000 on
>>>>> the DC, not the user's correct ID as shown by wbinfo. 
I haven't been able
>>>>> to
>>>>> see a configuration difference between users who are able
to create the
>>>>> files
>>>>> with the correct UID and those not.
>>>>>
>>>>> I need to figure this out soon. Otherwise, the users get
error messages
>>>>> like
>>>>> "Protected View. This file came from the Internet
..." when trying to open
>>>>> files
>>>>> originally sync'd with the correct UID.
>>>>>
>>>>> --Mark
>>>>>
>>>>> -----Original Message-----
>>>>>> From: Mark Foley <mfoley at novatec-inc.com>
>>>>>> Date: Wed, 19 Aug 2015 01:14:03 -0400
>>>>>> To: samba at lists.samba.org
>>>>>>
>>>>>> My up-front apologies if this topic has been covered.
This is my first
>>>>> time
>>>>>> using this list and I don't know how to search for
existing topics yet
>>>>> ...
>>>>>> I installed Samba4 on Linux Slackware 64 version 14.1
about 6 months
>>>>> ago. I set
>>>>>> up redirected folders for the Windows 7 Workstation
users. All worked
>>>>> fine until
>>>>>> recently. Now, when several of the users create
documents and folders on
>>>>> their
>>>>>> "Desktop" (redirected to the DC) they are
being created with UID
>>>>> 3000000, which
>>>>>> is not a configured UID. For example:
>>>>>>
>>>>>> $ ls -ltrn "/redirectedFolders/Users/matkeson/My
Documents"
>>>>>> -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17
Accounts\
>>>>> 7-1-2015.docx*
>>>>>> drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27
Correspondence/
>>>>>> -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04
testMark.docx*
>>>>>>
>>>>>> This user's actual UID is 3000045, as created
months ago via Windows
>>>>> RSAT.
>>>>>> Confirmed by:
>>>>>>
>>>>>> $ wbinfo -i matkeson
>>>>>> HPRS\matkeson:*:3000045:100:Mark
Atkeson:/home/HPRS/matkeson:/bin/false
>>>>>>
>>>>>> I did recently upgrade Samba from the originally
installed 4.1.0 to
>>>>> 4.1.17 a
>>>>>> couple of weeks ago, but I can't really confirm
that is when the problem
>>>>> started
>>>>>> showing up.  I find files with this 3000000 UID on
backups before the
>>>>> upgrade (I
>>>>>> think).
>>>>>>
>>>>>> This does not affect all users. I find 3 for sure it
happens to and 3
>>>>> for sure
>>>>>> it does not happen to.
>>>>>>
>>>>>> I do have "idmap_ldb:use rfc2307 = yes" set
in smb.conf
>>>>>>
>>>>>> THX
>>>>>>

Turns out Rowland hit the nail on the head. I confirmed that the affected users
were in the 'Administrators' Group. When I removed them from that group,
all new
files were then created with their *real* UID.

As to whether this is "correct" behavior (L.P.H. van Belle's
comment), Rowland's
suggested link:
http://serverfault.com/questions/19311/file-ownership-for-new-files-with-administrator-why-is-it-giving-ownership-to
gives a more-or-less explanation. My short version: another Windows security
hack to try and shore-up a fundamentally unsecure OS. 

Whether or not the behavior seems correct to [U|Li]nix users matters not. Active
Directory is Microsoft's sandbox and we have to play by Microsoft's
rules.

Very helpful thread. I doubt I would have figured this out on my own.

Thanks all --Mark

-----Original Message-----
> From: Mark Foley <mfoley at novatec-inc.com>
> Date: Thu, 20 Aug 2015 15:33:39 -0400
> Organization: Novatec Software Engineering, LLC
> To: samba at lists.samba.org
>
> Oooo!! You may have something there! I don't know whether these users
are in the
> admin group, but they could be.  I have been messing around with admin priv
in
> order to allow users to be admins on their own workstations.  I've got
a Group
> Policy method with computer startup script and have also created a login on
the
> user's workstation with the same name as the user, but as local admin. 
>
> I'll check all this out and report back. I won't be near that
computer until
> Monday.
>
> btw - how did you know 3000000 is the Administrators group? Where is that
and
> the 'S-1-5-32-544' thing defined.
>
> --Mark
>
> -----Original Message-----
> > Date: Thu, 20 Aug 2015 15:56:15 +0100
> > From: Rowland Penny <rowlandpenny241155 at gmail.com>
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Samba4 DC/AD documents created in redirected
folders with bogus UID
> >
> > Are you sure this is a Samba problem ? '3000000' is the
UID/GID (yes it
> > is both) for 'S-1-5-32-544' which is the Administrators group.
Are the
> > problem users also members of the Administrators group? As far as I am
> > aware there is nothing in Samba that sets the permissions of a share 
> > (apart from Sysvol and this is a special case), you have to set the 
> > ownership etc somewhere, from the windows security tab for instance,
or
> > directly on the share dir on the Samba server. I would check the
windows
> > machines, you may find that the problem lies there.
> >
> > Rowland
> >
> >
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> > On 20/08/15 15:24, Mark Foley wrote:
> > > Guilherme Boing, on 19 Aug 2015 14:31 you wrote:
> > >
> > >> I just noticed that my fresh install of Samba 4.2.3 has the
same behaviour.
> > > Did you get a solution?
> > >
> > > Odd, but this topic doesn't seem to be getting much traction.
I wonder what
> > > people are using Samba4 for.  Outside of hard-cord samba-junkies
who love
> > > spending hours testing all kinds of esoteric features, I think
most serious
> > > Samba4 AD/DC users are like me: small office, single domain with
a dozen-ish
> > > Windows workstations.  We don't have forests and trees
scattered all over the
> > > planet.  For us, AD/DC is used for: DNS, DHCP, mail server,
Windows
> > > Authenticated login so users can log into any workstation, and
redirected
> > > folders so users' desktops follow them to any workstation.
> > >
> > > Those are the fundamentals. Other than Windows Authentication and
redirected
> > > folders, I don't really see the point of Active Directory.
> > >
> > > Therefore, for what I consider to be core, real-world Samba4
usage, this problem
> > > of users' files getting created with the wrong UID seems to a
top-priority bug.
> > >
> > > Any suggestions? Something in smb.conf, nsswitch.conf? A setting
in RSAT?
> > >
> > > --Mark
> > >
> > > -----Original Message-----
> > >> Date: Wed, 19 Aug 2015 14:31:33 -0300
> > >> From: Guilherme Boing <kolt+samba at frag.com.br>
> > >> Cc: samba <samba at lists.samba.org>
> > >> Subject: Re: [Samba] Samba4 DC/AD documents created in
redirected folders  with bogus UID
> > >>
> > >> I just noticed that my fresh install of Samba 4.2.3 has the
same behaviour.
> > >>
> > >> I have a share (\\samba\it_share)) and some users when
creating files have
> > >> the UID as 3000000 and some have their correct UIDs.
> > >> Share permissons are being controlled by Windows ACLs.
> > >>
> > >> On Wed, Aug 19, 2015 at 1:58 PM, Mark Foley <mfoley at
novatec-inc.com> wrote:
> > >>
> > >>> More information,
> > >>>
> > >>> It appears I've had this issue since installing Samba
4.1.0 about 6 months
> > >>> ago.
> > >>> When I add a domain user, the DC resisdent redirected
folder gets
> > >>> synchronized
> > >>> with the user's desktop with the correct UID.
> > >>>
> > >>> For some users, but not all, new "My Documents"
get created with UID
> > >>> 3000000 on
> > >>> the DC, not the user's correct ID as shown by wbinfo.
I haven't been able
> > >>> to
> > >>> see a configuration difference between users who are able
to create the
> > >>> files
> > >>> with the correct UID and those not.
> > >>>
> > >>> I need to figure this out soon. Otherwise, the users get
error messages
> > >>> like
> > >>> "Protected View. This file came from the Internet
..." when trying to open
> > >>> files
> > >>> originally sync'd with the correct UID.
> > >>>
> > >>> --Mark
> > >>>
> > >>> -----Original Message-----
> > >>>> From: Mark Foley <mfoley at novatec-inc.com>
> > >>>> Date: Wed, 19 Aug 2015 01:14:03 -0400
> > >>>> To: samba at lists.samba.org
> > >>>>
> > >>>> My up-front apologies if this topic has been covered.
This is my first
> > >>> time
> > >>>> using this list and I don't know how to search
for existing topics yet
> > >>> ...
> > >>>> I installed Samba4 on Linux Slackware 64 version 14.1
about 6 months
> > >>> ago. I set
> > >>>> up redirected folders for the Windows 7 Workstation
users. All worked
> > >>> fine until
> > >>>> recently. Now, when several of the users create
documents and folders on
> > >>> their
> > >>>> "Desktop" (redirected to the DC) they are
being created with UID
> > >>> 3000000, which
> > >>>> is not a configured UID. For example:
> > >>>>
> > >>>> $ ls -ltrn "/redirectedFolders/Users/matkeson/My
Documents"
> > >>>> -rwxrwx---+ 1 3000045 100  27648 2015-07-30 07:17
Accounts\
> > >>> 7-1-2015.docx*
> > >>>> drwxrwx---+ 2 3000045 100   4096 2015-08-11 09:27
Correspondence/
> > >>>> -rwxrwx---+ 1 3000000 100  11423 2015-08-18 11:04
testMark.docx*
> > >>>>
> > >>>> This user's actual UID is 3000045, as created
months ago via Windows
> > >>> RSAT.
> > >>>> Confirmed by:
> > >>>>
> > >>>> $ wbinfo -i matkeson
> > >>>> HPRS\matkeson:*:3000045:100:Mark
Atkeson:/home/HPRS/matkeson:/bin/false
> > >>>>
> > >>>> I did recently upgrade Samba from the originally
installed 4.1.0 to
> > >>> 4.1.17 a
> > >>>> couple of weeks ago, but I can't really confirm
that is when the problem
> > >>> started
> > >>>> showing up.  I find files with this 3000000 UID on
backups before the
> > >>> upgrade (I
> > >>>> think).
> > >>>>
> > >>>> This does not affect all users. I find 3 for sure it
happens to and 3
> > >>> for sure
> > >>>> it does not happen to.
> > >>>>
> > >>>> I do have "idmap_ldb:use rfc2307 = yes" set
in smb.conf
> > >>>>
> > >>>> THX
> > >>>>
> >
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>