Krutskikh Ivan
2015-Nov-07 16:02 UTC
[Samba] Cannot chown file to active directory user/group on member server
Hi,

I need to change ownership of server files to user/group defined in active directory (using rfc2307 and unix attributes). Chown returns no error, but 'ls -lia' shows that file ownership is unchanged. What am I doing wrong?

archive-test:/archive/video # ls -lia ./test.mp4
17121 -rw-r--r-- 1 root root 2413096 ноя 2 19:50 ./test.mp4
archive-test:/archive/video # wbinfo -u
administrator
xviewsion
videoadm
viewer1
krbtgt
newadm
guest
test
new
archive-test:/archive/video # wbinfo -g
allowed rodc password replication group
enterprise read-only domain controllers
denied rodc password replication group
read-only domain controllers
group policy creator owners
ras and ias servers
domain controllers
enterprise admins
domain computers
cert publishers
dnsupdateproxy
domain admins
domain guests
schema admins
domain users
video admins
dnsadmins
videotest
video
archive-test:/archive/video # chown xviewsion ./test.mp4
archive-test:/archive/video # ls -lia ./test.mp4
17121 -rw-r--r-- 1 root root 2413096 ноя 2 19:50 ./test.mp4

I think that something is wrong with uid/gid mapping:

archive-test:/archive/video # getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
news:x:9:13:News system:/etc/news:/bin/bash
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
games:x:12:100:Games account:/var/games:/bin/bash
man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
messagebus:x:499:497:User for D-Bus:/run/dbus:/bin/false
postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
rpc:x:498:65534:user for rpcbind:/var/lib/empty:/sbin/nologin
sshd:x:497:496:SSH daemon:/var/lib/sshd:/bin/false
statd:x:496:65534:NFS statd daemon:/var/lib/nfs:/sbin/nologin
polkitd:x:495:495:User for polkitd:/var/lib/polkit:/sbin/nologin
usrsokrat:x:1000:100::/home/usrsokrat:/bin/bash
qemu:x:494:493:qemu user:/:/sbin/nologin
tftp:x:493:492:TFTP account:/srv/tftpboot:/bin/false
dnsmasq:x:492:65534:dnsmasq:/var/lib/empty:/bin/false
avahi:x:491:491:User for Avahi:/run/avahi-daemon:/bin/false
radvd:x:490:2:Router ADVertisement Daemon for:/var/lib/empty:/bin/false
lxdm:x:489:488:LXDE Display Manager daemon:/var/lib/lxdm:/bin/false
avahi-autoipd:x:488:487:User for Avahi IPv4LL:/var/lib/avahi-autoipd:/bin/false
at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
nscd:x:487:486:User for nscd:/run/nscd:/sbin/nologin
ntp:x:74:485:NTP daemon:/var/lib/ntp:/bin/false
mysql:x:60:484:MySQL database admin:/var/lib/mysql:/bin/false
nginx:x:486:483:user for nginx:/var/lib/nginx:/bin/false
zabbix:x:485:482:Zabbix Agent Daemon:/var/lib/zabbix:/bin/false
privoxy:x:484:481:Daemon user for privoxy:/var/lib/privoxy:/bin/false
vscan:x:65:480:Vscan account:/var/spool/amavis:/bin/false
lightdm:x:483:478:LightDM daemon:/var/lib/lightdm:/bin/false
kdm:x:482:477:KDM Display Manager daemon:/var:/bin/false
drweb:x:100:1000:Dr.Web system account:/var/opt/drweb.com:/bin/false
asurkov:x:11114:100::/home/asurkov:/bin/bash
administrator:*:4294967295:4294967295:Administrator:/home/Administrator:/bin/bash
xviewsion:*:4294967295:4294967295:xviewsion:/home/xviewsion:/bin/sh
videoadm:*:4294967295:4294967295:videoadm:/home/videoadm:/bin/sh
viewer1:*:4294967295:4294967295:Viewer1:/home/TSNR/viewer1:/bin/bash
krbtgt:*:4294967295:4294967295:krbtgt:/home/TSNR/krbtgt:/bin/bash
newadm:*:4294967295:4294967295:newadm:/home/TSNR/newadm:/bin/bash
guest:*:4294967295:4294967295:Guest:/home/TSNR/guest:/bin/bash
test:*:4294967295:4294967295:test:/home/test:/bin/sh
new:*:4294967295:4294967295:new:/home/new:/bin/sh

How can I solve this issue?

Thanks in advance!
Rowland Penny
2015-Nov-07 16:19 UTC
[Samba] Cannot chown file to active directory user/group on member server
On 07/11/15 16:02, Krutskikh Ivan wrote:
> Hi,
>
> I need to change ownership of server files to user/group defined in active
> directory (using rfc2307 and unix attributes). Chown returns no error, but
> 'ls -lia' shows that file ownership is unchanged. What am I doing wrong?
>
> archive-test:/archive/video # ls -lia ./test.mp4
> 17121 -rw-r--r-- 1 root root 2413096 ноя 2 19:50 ./test.mp4
> archive-test:/archive/video # wbinfo -u
> administrator
> xviewsion
> videoadm
> viewer1
> krbtgt
> newadm
> guest
> test
> new
> archive-test:/archive/video # wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> video admins
> dnsadmins
> videotest
> video
> archive-test:/archive/video # chown xviewsion ./test.mp4
> archive-test:/archive/video # ls -lia ./test.mp4
> 17121 -rw-r--r-- 1 root root 2413096 ноя 2 19:50 ./test.mp4
>
>
> I think that something is wrong with uid/gid mapping:
>
> archive-test:/archive/video # getent passwd
> root:x:0:0:root:/root:/bin/bash
> bin:x:1:1:bin:/bin:/bin/bash
> daemon:x:2:2:Daemon:/sbin:/bin/bash
> lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
> mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
> news:x:9:13:News system:/etc/news:/bin/bash
> uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
> games:x:12:100:Games account:/var/games:/bin/bash
> man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
> wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
> ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
> nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
> messagebus:x:499:497:User for D-Bus:/run/dbus:/bin/false
> postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
> rpc:x:498:65534:user for rpcbind:/var/lib/empty:/sbin/nologin
> sshd:x:497:496:SSH daemon:/var/lib/sshd:/bin/false
> statd:x:496:65534:NFS statd daemon:/var/lib/nfs:/sbin/nologin
> polkitd:x:495:495:User for polkitd:/var/lib/polkit:/sbin/nologin
> usrsokrat:x:1000:100::/home/usrsokrat:/bin/bash
> qemu:x:494:493:qemu user:/:/sbin/nologin
> tftp:x:493:492:TFTP account:/srv/tftpboot:/bin/false
> dnsmasq:x:492:65534:dnsmasq:/var/lib/empty:/bin/false
> avahi:x:491:491:User for Avahi:/run/avahi-daemon:/bin/false
> radvd:x:490:2:Router ADVertisement Daemon for:/var/lib/empty:/bin/false
> lxdm:x:489:488:LXDE Display Manager daemon:/var/lib/lxdm:/bin/false
> avahi-autoipd:x:488:487:User for Avahi IPv4LL:/var/lib/avahi-autoipd:/bin/false
> at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
> nscd:x:487:486:User for nscd:/run/nscd:/sbin/nologin
> ntp:x:74:485:NTP daemon:/var/lib/ntp:/bin/false
> mysql:x:60:484:MySQL database admin:/var/lib/mysql:/bin/false
> nginx:x:486:483:user for nginx:/var/lib/nginx:/bin/false
> zabbix:x:485:482:Zabbix Agent Daemon:/var/lib/zabbix:/bin/false
> privoxy:x:484:481:Daemon user for privoxy:/var/lib/privoxy:/bin/false
> vscan:x:65:480:Vscan account:/var/spool/amavis:/bin/false
> lightdm:x:483:478:LightDM daemon:/var/lib/lightdm:/bin/false
> kdm:x:482:477:KDM Display Manager daemon:/var:/bin/false
> drweb:x:100:1000:Dr.Web system account:/var/opt/drweb.com:/bin/false
> asurkov:x:11114:100::/home/asurkov:/bin/bash
> administrator:*:4294967295:4294967295:Administrator:/home/Administrator:/bin/bash
> xviewsion:*:4294967295:4294967295:xviewsion:/home/xviewsion:/bin/sh
> videoadm:*:4294967295:4294967295:videoadm:/home/videoadm:/bin/sh
> viewer1:*:4294967295:4294967295:Viewer1:/home/TSNR/viewer1:/bin/bash
> krbtgt:*:4294967295:4294967295:krbtgt:/home/TSNR/krbtgt:/bin/bash
> newadm:*:4294967295:4294967295:newadm:/home/TSNR/newadm:/bin/bash
> guest:*:4294967295:4294967295:Guest:/home/TSNR/guest:/bin/bash
> test:*:4294967295:4294967295:test:/home/test:/bin/sh
> new:*:4294967295:4294967295:new:/home/new:/bin/sh
>
>

Can you provide a bit more info,
What distro are you using?
What version of samba?
What is your smb.conf?
Is this on a DC or a Domain Member?
Are you using sssd?
Do your users have a uidNumber?
does the Domain Users group have a gidNumber?

and most importantly why does every domain user and group have the ID number of 4294967295? perhaps if you supply the above, we may be able to work this out.

Rowland
Jeff Dickens
2015-Nov-17 20:28 UTC
[Samba] Cannot chown file to active directory user/group on member server
On Sat, Nov 7, 2015 at 11:19 AM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
> On 07/11/15 16:02, Krutskikh Ivan wrote:
>
>> Hi,
>>
>> I need to change ownership of server files to user/group defined in active
>> directory (using rfc2307 and unix attributes). Chown returns no error, but
>> 'ls -lia' shows that file ownership is unchanged. What am I doing wrong?
>>
>> archive-test:/archive/video # ls -lia ./test.mp4
>> 17121 -rw-r--r-- 1 root root 2413096 ноя 2 19:50 ./test.mp4
>> archive-test:/archive/video # wbinfo -u
>> administrator
>> xviewsion
>> videoadm
>> viewer1
>> krbtgt
>> newadm
>> guest
>> test
>> new
>> archive-test:/archive/video # wbinfo -g
>> allowed rodc password replication group
>> enterprise read-only domain controllers
>> denied rodc password replication group
>> read-only domain controllers
>> group policy creator owners
>> ras and ias servers
>> domain controllers
>> enterprise admins
>> domain computers
>> cert publishers
>> dnsupdateproxy
>> domain admins
>> domain guests
>> schema admins
>> domain users
>> video admins
>> dnsadmins
>> videotest
>> video
>> archive-test:/archive/video # chown xviewsion ./test.mp4
>> archive-test:/archive/video # ls -lia ./test.mp4
>> 17121 -rw-r--r-- 1 root root 2413096 ноя 2 19:50 ./test.mp4
>>
>>
>> I think that something is wrong with uid/gid mapping:
>>
>> archive-test:/archive/video # getent passwd
>> root:x:0:0:root:/root:/bin/bash
>> bin:x:1:1:bin:/bin:/bin/bash
>> daemon:x:2:2:Daemon:/sbin:/bin/bash
>> lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
>> mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
>> news:x:9:13:News system:/etc/news:/bin/bash
>> uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
>> games:x:12:100:Games account:/var/games:/bin/bash
>> man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
>> wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
>> ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
>> nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
>> messagebus:x:499:497:User for D-Bus:/run/dbus:/bin/false
>> postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
>> rpc:x:498:65534:user for rpcbind:/var/lib/empty:/sbin/nologin
>> sshd:x:497:496:SSH daemon:/var/lib/sshd:/bin/false
>> statd:x:496:65534:NFS statd daemon:/var/lib/nfs:/sbin/nologin
>> polkitd:x:495:495:User for polkitd:/var/lib/polkit:/sbin/nologin
>> usrsokrat:x:1000:100::/home/usrsokrat:/bin/bash
>> qemu:x:494:493:qemu user:/:/sbin/nologin
>> tftp:x:493:492:TFTP account:/srv/tftpboot:/bin/false
>> dnsmasq:x:492:65534:dnsmasq:/var/lib/empty:/bin/false
>> avahi:x:491:491:User for Avahi:/run/avahi-daemon:/bin/false
>> radvd:x:490:2:Router ADVertisement Daemon for:/var/lib/empty:/bin/false
>> lxdm:x:489:488:LXDE Display Manager daemon:/var/lib/lxdm:/bin/false
>> avahi-autoipd:x:488:487:User for Avahi IPv4LL:/var/lib/avahi-autoipd:/bin/false
>> at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
>> nscd:x:487:486:User for nscd:/run/nscd:/sbin/nologin
>> ntp:x:74:485:NTP daemon:/var/lib/ntp:/bin/false
>> mysql:x:60:484:MySQL database admin:/var/lib/mysql:/bin/false
>> nginx:x:486:483:user for nginx:/var/lib/nginx:/bin/false
>> zabbix:x:485:482:Zabbix Agent Daemon:/var/lib/zabbix:/bin/false
>> privoxy:x:484:481:Daemon user for privoxy:/var/lib/privoxy:/bin/false
>> vscan:x:65:480:Vscan account:/var/spool/amavis:/bin/false
>> lightdm:x:483:478:LightDM daemon:/var/lib/lightdm:/bin/false
>> kdm:x:482:477:KDM Display Manager daemon:/var:/bin/false
>> drweb:x:100:1000:Dr.Web system account:/var/opt/drweb.com:/bin/false
>> asurkov:x:11114:100::/home/asurkov:/bin/bash
>>
>> administrator:*:4294967295:4294967295:Administrator:/home/Administrator:/bin/bash
>> xviewsion:*:4294967295:4294967295:xviewsion:/home/xviewsion:/bin/sh
>> videoadm:*:4294967295:4294967295:videoadm:/home/videoadm:/bin/sh
>> viewer1:*:4294967295:4294967295:Viewer1:/home/TSNR/viewer1:/bin/bash
>> krbtgt:*:4294967295:4294967295:krbtgt:/home/TSNR/krbtgt:/bin/bash
>> newadm:*:4294967295:4294967295:newadm:/home/TSNR/newadm:/bin/bash
>> guest:*:4294967295:4294967295:Guest:/home/TSNR/guest:/bin/bash
>> test:*:4294967295:4294967295:test:/home/test:/bin/sh
>> new:*:4294967295:4294967295:new:/home/new:/bin/sh
>>
>>
>>
> Can you provide a bit more info,
> What distro are you using?
> What version of samba?
> What is your smb.conf?
> Is this on a DC or a Domain Member?
> Are you using sssd?
> Do your users have a uidNumber?
> does the Domain Users group have a gidNumber?
>
> and most importantly why does every domain user and group have the ID
> number of 4294967295? perhaps if you supply the above, we may be able to
> work this out.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

I am having an identical problem. As the OP said (in the subject), this is a member server, not on the DC. I'm using the sernet distribution of samba 4.2 on Ubuntu 14 LTS. I configured nsswitch.conf on the DC to see if it would work there and I see the same behavior:

root@athens:~# ls -l secondfile.txt
-rw-rw-r-- 1 root users 0 Nov 17 15:15 secondfile.txt
root@athens:~# chown Administrator:"Domain Users" secondfile.txt
root@athens:~# ls -l secondfile.txt
-rw-rw-r-- 1 root users 0 Nov 17 15:15 secondfile.txt
root@athens:~#

more info:

With getent I get different behavior on the DC and member server:

On the DC:

root@athens:~# getent passwd Administrator
administrator:*:0:100::/home/IOL/administrator:/bin/false
root@athens:~# getent group "Domain Users"
domain users:x:100:

On the member server:

root@florence:/home# getent passwd Administrator
administrator:*:4294967295:4294967295::/home/IOL/administrator:/bin/false
root@florence:/home#
root@florence:/home# getent group "Domain Users"
domain users:x:4294967295:

The smb.conf on the dc:

# Global parameters
[global]
    workgroup = IOL
    realm = IOL.SEAMANPAPER.COM
    netbios name = ATHENS
    server role = active directory domain controller
    dns forwarder = 75.75.75.75
    idmap_ldb:use rfc2307 = yes

[netlogon]
    path = /var/lib/samba/sysvol/iol.seamanpaper.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

The smb.conf on the member server:

[global]
    netbios name = FLORENCE
    security = ADS
    workgroup = IOL
    realm = IOL.SEAMANPAPER.COM
    log file = /var/log/samba/%m.log
    log level = 1
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    winbind refresh tickets = yes
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    # idmap config used for your domain.
    # Choose one of the following backends fitting to your
    # requirements and add the corresponding configuration.
    idmap config ad
    # - idmap config rid
    # - idmap config autorid

[home]
    path=/home/
    read only = No

Thanks in advance for any help.
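
Added example (not part of any message in this thread): 4294967295 is (uid_t)-1, and chown(2) treats an owner or group of -1 as "leave unchanged", which matches a chown that returns no error and changes nothing. The sketch below flags such entries in getent-style output and shows the no-op on a temporary file; the sample lines are constructed from values quoted in the thread, and the function names are hypothetical.

```python
import os
import tempfile

# (uid_t)-1 on Linux, the value shown for every domain account in the thread.
INVALID_ID = 0xFFFFFFFF  # 4294967295

# Constructed sample in `getent passwd` format, using entries quoted above.
SAMPLE_GETENT = """\
root:x:0:0:root:/root:/bin/bash
asurkov:x:11114:100::/home/asurkov:/bin/bash
xviewsion:*:4294967295:4294967295:xviewsion:/home/xviewsion:/bin/sh
administrator:*:4294967295:4294967295::/home/IOL/administrator:/bin/false
"""


def unmapped_accounts(getent_text):
    """Return account names whose uid or gid is (uid_t)-1, i.e. no usable ID."""
    bad = []
    for line in getent_text.splitlines():
        fields = line.split(":")
        # passwd format: name:passwd:uid:gid:gecos:home:shell
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        if INVALID_ID in (int(fields[2]), int(fields[3])):
            bad.append(fields[0])
    return bad


def chown_minus_one_is_noop():
    """chown(2) with -1 for owner and group succeeds and changes nothing."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        before = os.stat(path)
        # Same IDs the kernel receives when a name resolves to 4294967295.
        os.chown(path, -1, -1)
        after = os.stat(path)
        return (before.st_uid, before.st_gid) == (after.st_uid, after.st_gid)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("accounts without a valid ID:", unmapped_accounts(SAMPLE_GETENT))
    print("chown(-1, -1) left ownership unchanged:", chown_minus_one_is_noop())
```

Running the first function over real `getent passwd` and `getent group` output on a member server is a quick way to confirm that ID mapping is resolving before any ownership or ACL change is attempted.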