> > I love diving : )
>

Ok Mathias,

Can you explain this.
This I don't get....

Why is this output so different, and I don't mean the difference with NTDOMAIN\..

See the group differences... between an ADDC and a member server..


Samba 4.4.3 ADDC
id someusername

uid=10002(NTDOMAIN\someusername) gid=10000(NTDOMAIN\domain users) groups=10000(NTDOMAIN\domain users),3000053(NTDOMAIN\sng-certificaat-gpo),10005(NTDOMAIN\remote-webmail),
3000058(NTDOMAIN\usb-lees-toegang),10003(NTDOMAIN\server-aftermath),10008(NTDOMAIN\servers-www),3000154(NTDOMAIN\remote-xenservers),
3000118(NTDOMAIN\cddvd-schrijf-toegang),3000030(NTDOMAIN\remote-toegang-pcs),3000117(NTDOMAIN\cddvd-lees-toegang),3000059(NTDOMAIN\usb-schrijf-toegang),
3000148(NTDOMAIN\gitslinux-gebruikers),3000043(NTDOMAIN\afd-itdep),3000173(NTDOMAIN\dnsadmins),3000038(NTDOMAIN\vest-rotterdam),3000039(NTDOMAIN\allen),
3000065(NTDOMAIN\vertrouwde-websites),3000040(NTDOMAIN\boven),3000004(NTDOMAIN\group policy creator owners),3000005(NTDOMAIN\denied rodc password replication group),
10004(NTDOMAIN\servers-ssh),3000174(NTDOMAIN\lokaleprinter-xerox11hp),3000176(NTDOMAIN\alle-schijftoegang),3000005(NTDOMAIN\denied rodc password replication group),
3000173(NTDOMAIN\dnsadmins),3000009(BUILTIN\users)


Samba 4.4.3 Member server.
id someusername

uid=10002(someusername) gid=10000(domain users) groups=10000(domain users),27(sudo),116(lpadmin),10005(remote-webmail),10003(server-aftermath),
10008(servers-www),10004(servers-ssh),10009(alle-schijftoegang),2001(BUILTIN\users)


Now if I add this user on the member server in the sudo group...
you see : 27(sudo)

same on the ADDC, nothing .. but the user IS added to the local group sudo.
I checked the /etc/group

Very strange imo..


Greetz,

Louis

Hi Rowland,

Yes, that's done, the domain user exists on both servers in local sudo group.
But why do I see many more groups on the ADDC, and even groups where this user is NOT a member of, like 3000005(NTDOMAIN\denied rodc password replication group).

See .. 2x
3000005(NTDOMAIN\denied rodc password replication group
3000005(NTDOMAIN\denied rodc password replication group

Greetz,

Louis


> -----Original message-----
> From: Rowland penny [mailto:rpenny at samba.org]
> Sent: Tuesday 28 June 2016 17:23
> To: L.P.H. van Belle
> Subject: Re: [Samba] id username output ADDC and Member.
>
> On 28/06/16 16:00, L.P.H. van Belle wrote:
> >> I love diving : )
> >>
> > Ok Mathias,
> >
> > Can you explain this.
> > This I don't get....
> >
> > Why is this output so different, and I don't mean the difference with NTDOMAIN\..
> >
> > See the group differences... between an ADDC and a member server..
> >
> >
> > Samba 4.4.3 ADDC
> > id someusername
> >
> > uid=10002(NTDOMAIN\someusername) gid=10000(NTDOMAIN\domain users) groups=10000(NTDOMAIN\domain users),3000053(NTDOMAIN\sng-certificaat-gpo),10005(NTDOMAIN\remote-webmail),
> > 3000058(NTDOMAIN\usb-lees-toegang),10003(NTDOMAIN\server-aftermath),10008(NTDOMAIN\servers-www),3000154(NTDOMAIN\remote-xenservers),
> > 3000118(NTDOMAIN\cddvd-schrijf-toegang),3000030(NTDOMAIN\remote-toegang-pcs),3000117(NTDOMAIN\cddvd-lees-toegang),3000059(NTDOMAIN\usb-schrijf-toegang),
> > 3000148(NTDOMAIN\gitslinux-gebruikers),3000043(NTDOMAIN\afd-itdep),3000173(NTDOMAIN\dnsadmins),3000038(NTDOMAIN\vest-rotterdam),3000039(NTDOMAIN\allen),
> > 3000065(NTDOMAIN\vertrouwde-websites),3000040(NTDOMAIN\boven),3000004(NTDOMAIN\group policy creator owners),3000005(NTDOMAIN\denied rodc password replication group),
> > 10004(NTDOMAIN\servers-ssh),3000174(NTDOMAIN\lokaleprinter-xerox11hp),3000176(NTDOMAIN\alle-schijftoegang),3000005(NTDOMAIN\denied rodc password replication group),
> > 3000173(NTDOMAIN\dnsadmins),3000009(BUILTIN\users)
> >
> >
> > Samba 4.4.3 Member server.
> > id someusername
> >
> > uid=10002(someusername) gid=10000(domain users) groups=10000(domain users),27(sudo),116(lpadmin),10005(remote-webmail),10003(server-aftermath),
> > 10008(servers-www),10004(servers-ssh),10009(alle-schijftoegang),2001(BUILTIN\users)
> >
> >
> > Now if I add this user on the member server in the sudo group...
> > you see : 27(sudo)
> >
> > same on the ADDC, nothing .. but the user IS added to the local group sudo.
> > I checked the /etc/group
> >
> > Very strange imo..
> >
> >
> > Greetz,
> >
> > Louis
> >
>
> Hi Louis, No, not strange, you need to add the user with the DOMAIN to the sudo group on the DC
> i.e. useradd SAMDOM/rowland sudo
>
> root@dc1:~# id rowland
> uid=10000(SAMDOM\rowland) gid=10000(SAMDOM\domain users) groups=10000(SAMDOM\domain users),27(sudo),3000025(SAMDOM\dnsadmins),3000009(BUILTIN\users)
>
> Let's see if Mathias knows :-)
>
> Rowland

Hi Louis,

I expect you have already checked that, but just in case: aren't there some nested groups?

If there are not, perhaps a look into idmap.ldb to verify that uid=10002 is not used by several users (your real user + some old entry in idmap).

I don't believe too much in that but as said, just in case...

2016-06-29 8:15 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl>:
> Hi Rowland,
>
> Yes, that's done, the domain user exists on both servers in local sudo group.
> But why do I see many more groups on the ADDC, and even groups where this user is NOT a member of, like 3000005(NTDOMAIN\denied rodc password replication group).
>
> See .. 2x
> 3000005(NTDOMAIN\denied rodc password replication group
> 3000005(NTDOMAIN\denied rodc password replication group
>
> Greetz,
>
> Louis
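
Added example, not part of the thread: a small Python helper for comparing two `id` outputs like the ones Louis posted. It drops the `NTDOMAIN\` prefix the DC adds, then reports groups listed twice, groups seen on only one host, and groups whose numeric ID differs between the DC and the member server. The function names are hypothetical and the sample strings are abbreviated from the output quoted in the thread.

```python
import re
from collections import Counter

# Sample input abbreviated from the two `id someusername` outputs in the thread.
DC_ID = (r"uid=10002(NTDOMAIN\someusername) gid=10000(NTDOMAIN\domain users) "
         r"groups=10000(NTDOMAIN\domain users),10005(NTDOMAIN\remote-webmail),"
         r"3000176(NTDOMAIN\alle-schijftoegang),"
         r"3000005(NTDOMAIN\denied rodc password replication group),"
         r"3000005(NTDOMAIN\denied rodc password replication group),"
         r"3000009(BUILTIN\users)")
MEMBER_ID = (r"uid=10002(someusername) gid=10000(domain users) "
             r"groups=10000(domain users),27(sudo),116(lpadmin),"
             r"10005(remote-webmail),10009(alle-schijftoegang),2001(BUILTIN\users)")

# One "gid(name)" entry; names may contain spaces and backslashes.
ENTRY = re.compile(r"(\d+)\(([^)]*)\)")

def parse_groups(id_output, domain="NTDOMAIN"):
    """Return [(gid, name)] from the groups= field, without the DOMAIN\\ prefix."""
    field = id_output.split("groups=", 1)[1]
    prefix = domain.lower() + "\\"
    groups = []
    for gid, name in ENTRY.findall(field):
        name = name.lower()
        if name.startswith(prefix):
            name = name[len(prefix):]
        groups.append((int(gid), name))
    return groups

def compare(dc_output, member_output, domain="NTDOMAIN"):
    """Summarise how the group lists of the two hosts differ."""
    dc = parse_groups(dc_output, domain)
    member = parse_groups(member_output, domain)
    dc_map = {name: gid for gid, name in dc}
    member_map = {name: gid for gid, name in member}
    counts = Counter(name for _, name in dc)
    shared = sorted(set(dc_map) & set(member_map))
    return {
        "duplicates_on_dc": sorted(n for n, c in counts.items() if c > 1),
        "only_on_dc": sorted(set(dc_map) - set(member_map)),
        "only_on_member": sorted(set(member_map) - set(dc_map)),
        "gid_mismatch": {n: (dc_map[n], member_map[n])
                         for n in shared if dc_map[n] != member_map[n]},
    }

if __name__ == "__main__":
    for key, value in compare(DC_ID, MEMBER_ID).items():
        print(f"{key}: {value}")
```

With the full outputs pasted in, the `gid_mismatch` entries are the ones to check first when files or ACLs are shared between the two hosts, since the same group resolves to a different number on each.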