On 16/11/15 12:23, Alex Sviridov wrote:> I use samba 4.1 as dc with acl. I have user with uid 3000023. However, I
don't have group with guid 3000023. However, when this user creates a folder
samba in acl list creates permissions for group 3000023 and as result I have
broken link.
>
> Rowland Penny (thanks to him) said that I could see the type: ID_TYPE_BOTH
setting in /usr/local/samba/private/idmap.ldb.
>
> As I understood I must change type to ID_TYPE_UID. But , I can't
understand what is the nice way to do it.
> As new users are added via samba-tool. So, should I manually change
"type" option in idmap.ldb for every
> new user? Or there is another way.
>
> I am sorry, If I ask something stupid. Please, just say what I understand
wrong and how to fix these broken links.
>
>
>
>
They may not be broken links, first and foremost, just who is '3000023'
?
can you post the entire object from idmap.ldb
It should look something like this:
dn: CN=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-501
cn: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-501
objectClass: sidMap
objectSid: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-501
type: ID_TYPE_BOTH
xidNumber: 3000011
distinguishedName: CN=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-501
NOTE: real numbers replaced with 'x'
Rowland