lingpanda101 at gmail.com
2016-Aug-08 12:52 UTC
[Samba] UNIX attribute UID no longer increments with RSAT
Hello,

I'm using rfc2307 to enable Unix attributes on my DCs. Recently when adding a user and attempting to add a UID with the RSAT, I am receiving the following error.

'Duplicate UID. Assign a uniqueUID.'

How do I list all users and their UID? I tried using 'pdbedit' and wbinfo. Pdbedit appears to list the XIDs and wbinfo needs me to specify a user name. I need to confirm all users have a unique UID before moving forward to troubleshoot this issue. Thanks.

--
-James
Rowland Penny
2016-Aug-08 13:32 UTC
[Samba] UNIX attribute UID no longer increments with RSAT
On Mon, 8 Aug 2016 08:52:39 -0400 "lingpanda101 at gmail.com" <lingpanda101 at gmail.com> wrote:

> Hello,
>
> I'm using rfc2307 to enable Unix attributes on my DCs. Recently
> when adding a user and attempting to add a UID with the RSAT, I
> am receiving the following error.
>
> 'Duplicate UID. Assign a uniqueUID.'
>
> How do I list all users and their UID? I tried using 'pdbedit' and
> wbinfo. Pdbedit appears to list the XIDs and wbinfo needs me to
> specify a user name. I need to confirm all users have a unique UID
> before moving forward to troubleshoot this issue. Thanks.
>

What version of Windows is this?

When you used to add a uidNumber with the UNIX Attributes tab, the last uid used was stored in an attribute in AD, this attribute was created if it didn't exist, has Windows stopped doing this?

The attribute in question is 'msSFU30MaxUidNumber' (there is another one for groups 'msSFU30MaxGidNumber') and this is stored in the AD object to be found at:

CN=<Your lowercase NetBIOS domain name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=your,DC=dns,DC=domain

Rowland
lingpanda101 at gmail.com
2016-Aug-08 13:52 UTC
[Samba] UNIX attribute UID no longer increments with RSAT
On 8/8/2016 9:32 AM, Rowland Penny wrote:

> On Mon, 8 Aug 2016 08:52:39 -0400
> "lingpanda101 at gmail.com" <lingpanda101 at gmail.com> wrote:
>
>> Hello,
>>
>> I'm using rfc2307 to enable Unix attributes on my DCs. Recently
>> when adding a user and attempting to add a UID with the RSAT, I
>> am receiving the following error.
>>
>> 'Duplicate UID. Assign a uniqueUID.'
>>
>> How do I list all users and their UID? I tried using 'pdbedit' and
>> wbinfo. Pdbedit appears to list the XIDs and wbinfo needs me to
>> specify a user name. I need to confirm all users have a unique UID
>> before moving forward to troubleshoot this issue. Thanks.
>>
> What version of Windows is this?
>
> When you used to add a uidNumber with the UNIX Attributes tab, the last
> uid used was stored in an attribute in AD, this attribute was created
> if it didn't exist, has Windows stopped doing this?
>
> The attribute in question is 'msSFU30MaxUidNumber' (there is another
> one for groups 'msSFU30MaxGidNumber') and this is stored in the AD
> object to be found at:
> CN=<Your lowercase NetBIOS domain name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=your,DC=dns,DC=domain
>
> Rowland
>

This is with Windows 7.

I found the issue. I have another admin who creates users in AD. This user did not have the proper permissions to update this attribute with RSAT. I can't recall the error they received, but it mentioned not having permissions to update this field (I will get it so as to post an update in this thread). Even though they were advised they do not have permissions, the UID was updated in Samba anyways (Possible security bug?). I verified it was in Samba by using wbinfo.

To correct the issue, I manually incremented the new user's UID to the next available one in Samba. This allowed RSAT to automatically increment the UID on a subsequent user I tested on.

--
-James
lingpanda101 at gmail.com
2016-Aug-08 19:00 UTC
[Samba] UNIX attribute UID no longer increments with RSAT
On 8/8/2016 9:32 AM, Rowland Penny wrote:

> On Mon, 8 Aug 2016 08:52:39 -0400
> "lingpanda101 at gmail.com" <lingpanda101 at gmail.com> wrote:
>
>> Hello,
>>
>> I'm using rfc2307 to enable Unix attributes on my DCs. Recently
>> when adding a user and attempting to add a UID with the RSAT, I
>> am receiving the following error.
>>
>> 'Duplicate UID. Assign a uniqueUID.'
>>
>> How do I list all users and their UID? I tried using 'pdbedit' and
>> wbinfo. Pdbedit appears to list the XIDs and wbinfo needs me to
>> specify a user name. I need to confirm all users have a unique UID
>> before moving forward to troubleshoot this issue. Thanks.
>>
> What version of Windows is this?
>
> When you used to add a uidNumber with the UNIX Attributes tab, the last
> uid used was stored in an attribute in AD, this attribute was created
> if it didn't exist, has Windows stopped doing this?
>
> The attribute in question is 'msSFU30MaxUidNumber' (there is another
> one for groups 'msSFU30MaxGidNumber') and this is stored in the AD
> object to be found at:
> CN=<Your lowercase NetBIOS domain name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=your,DC=dns,DC=domain
>
> Rowland
>

These are the error messages received when a user attempts to update the UID within RSAT.

First is:

"Unable to modify the object property values. Check your credentials. There could be a network problem. Active Directory could be down. Contact your system administrator."

Followed by:

"Unable to update the maximum user ID number for the selected NIS Domain."

Using ldbedit I see the max 'msSFU30MaxUidNumber: 10152'. This UID was just given to a user so I could receive the above error messages.

Where should I be looking to verify if this person has permission to update the Unix attributes? Thanks.

--
-James
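
The uniqueness check asked for at the start of the thread, and the lookup of which accounts already hold the msSFU30MaxUidNumber value (10152 above), as an added example that is not from any poster in the thread. The account names, the example.com domain, the function names and the sam.ldb path placeholder are assumptions; the LDIF records are constructed sample input.

```shell
#!/bin/sh
# Added example: audit rfc2307 uidNumber values in ldbsearch LDIF output.
# On a Samba AD DC the input would come from something like (path is a placeholder):
#   ldbsearch -H /path/to/private/sam.ldb '(uidNumber=*)' sAMAccountName uidNumber
sample_users() {   # constructed sample records, so the script runs offline
cat <<'EOF'
dn: CN=alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
uidNumber: 10150

dn: CN=bob,CN=Users,DC=example,DC=com
sAMAccountName: bob
uidNumber: 10151

dn: CN=carol,CN=Users,DC=example,DC=com
sAMAccountName: carol
uidNumber: 10152

dn: CN=dave,CN=Users,DC=example,DC=com
sAMAccountName: dave
uidNumber: 10152
EOF
}

# LDIF on stdin -> one "uidNumber account" line per record.
uid_pairs() {
  awk '/^sAMAccountName: / { name = $2 }
       /^uidNumber: /      { uid = $2 }
       /^$/ { if (name != "" && uid != "") print uid, name; name = uid = "" }
       END  { if (name != "" && uid != "") print uid, name }'
}

# LDIF on stdin -> "uidNumber acct1,acct2" for each uidNumber held by 2+ accounts.
duplicate_uids() {
  uid_pairs | sort -n | awk '
    { if (n[$1]++) who[$1] = who[$1] "," $2; else who[$1] = $2 }
    END { for (u in n) if (n[u] > 1) print u, who[u] }' | sort -n
}

# LDIF on stdin, $1 = a uidNumber (e.g. the msSFU30MaxUidNumber value)
# -> comma-separated accounts that already hold it (empty line if none).
uid_holders() {
  uid_pairs | sort | awk -v want="$1" '
    $1 == want { out = out (out == "" ? "" : ",") $2 }
    END { print out }'
}

sample_users | duplicate_uids
echo "holders of 10152: $(sample_users | uid_holders 10152)"
```

Any output from `duplicate_uids` means two accounts share a UID; a non-empty result from `uid_holders` for the counter value means that number is already taken.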
lingpanda101 at gmail.com
2016-Aug-10 15:53 UTC
[Samba] UNIX attribute UID no longer increments with RSAT
On 8/8/2016 9:32 AM, Rowland Penny wrote:

> On Mon, 8 Aug 2016 08:52:39 -0400
> "lingpanda101 at gmail.com" <lingpanda101 at gmail.com> wrote:
>
>> Hello,
>>
>> I'm using rfc2307 to enable Unix attributes on my DCs. Recently
>> when adding a user and attempting to add a UID with the RSAT, I
>> am receiving the following error.
>>
>> 'Duplicate UID. Assign a uniqueUID.'
>>
>> How do I list all users and their UID? I tried using 'pdbedit' and
>> wbinfo. Pdbedit appears to list the XIDs and wbinfo needs me to
>> specify a user name. I need to confirm all users have a unique UID
>> before moving forward to troubleshoot this issue. Thanks.
>>
> What version of Windows is this?
>
> When you used to add a uidNumber with the UNIX Attributes tab, the last
> uid used was stored in an attribute in AD, this attribute was created
> if it didn't exist, has Windows stopped doing this?
>
> The attribute in question is 'msSFU30MaxUidNumber' (there is another
> one for groups 'msSFU30MaxGidNumber') and this is stored in the AD
> object to be found at:
> CN=<Your lowercase NetBIOS domain name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=your,DC=dns,DC=domain
>
> Rowland
>

I'll update my findings.

* Create a new security group in ADUC
* Within ADUC right click the OU or domain to delegate permissions
* Click Delegate Control
* Add the new security group created.
* Delegate the following tasks
  o Create, delete and manage user accounts
  o Reset user passwords and force password change at next logon
  o Read all user information

From what I gather on the net, this does not give the above security group permission to update the Unix attributes within ADUC. This appears to be confirmed by the error prompts when attempted. Maybe I am incorrect and this should give the security group permission and the error prompts are just bugs.

--
-James