Sorry for the serial posting, but ... anxious ...
I think there must be a bug in Samba 4.4.8, this all worked with 4.2.14.
To summarize (details in attached messages), since upgrading from Samba 4.2.14 to 4.4.8, getent returns the wrong UID:GID. This is causing permission errors in programs like dovecot that try to read/write to Maildir files having the correct UID:GID.
With 4.4.8 I now have sam.ldb in /etc/samba/private (same with 4.2.14) and also in /var/lib/samba/private. Details in preceding message. Not sure which is the one being used.
With 4.2.14 on AD/DC (CORRECT):
$ getent passwd mark
HPRS\mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/false
With 4.4.8 on AD/DC:
$ getent passwd mark
HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash
With 4.4.5 on domain member labrat (CORRECT):
$ getent passwd mark
mark:*:10001:10000::/home/HPRS/mark:/bin/bash
Meanwhile, pending feedback from this list, I've added user 'mark' to /etc/passwd:
mark:x:10001:10000::/home/HPRS/mark:/bin/bash
and now getent on the 4.4.8 AD/DC is back to normal:
$ getent passwd mark
mark:x:10001:10000::/home/HPRS/mark:/bin/bash
Permissions are now working with email MTA, etc.
While I'm at it, I did find the newly bad UID 3000026 in /etc/samba/private/idmap.ldb. The entry therein:
# record 44
dn: CN=S-1-5-21-1052267278-1962196458-4119365663-1111
cn: S-1-5-21-1052267278-1962196458-4119365663-1111
objectClass: sidMap
objectSid: S-1-5-21-1052267278-1962196458-4119365663-1111
type: ID_TYPE_BOTH
xidNumber: 3000026
distinguishedName: CN=S-1-5-21-1052267278-1962196458-4119365663-1111
Not sure that is meaningful.
Any help on this would be GREATLY appreciated.
--Mark
-----Original Message-----
Date: Tue, 24 Jan 2017 23:25:35 -0500
To: samba at lists.samba.org
Subject: Re: [Samba] getent problems with new Samba version
From: Mark Foley via samba <samba at lists.samba.org>
More information (possibly too much).
Since "things" are defined in sam.ldb, I compared before and after the Samba 4.2.14 to 4.4.8 update. Here are the sam.ldb related files from the old 4.2.14 version:
-rw------- root/root 4247552 2014-10-20 23:54 etc/samba/private/sam.ldb
-rw------- root/root 4689920 2017-01-14 11:09 etc/samba/private/sam.ldb.bak
drwx------ root/root 0 2017-01-14 11:09 etc/samba/private/sam.ldb.d/
-rw------- root/root 4247552 2017-01-14 13:24 etc/samba/private/sam.ldb.d/DC=HPRS,DC=LOCAL.ldb
-rw------- root/root 14610432 2017-01-14 11:09 etc/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb.bak
-rw------- root/root 20475904 2014-10-20 23:54 etc/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb
-rw------- root/root 2371584 2017-01-14 11:09 etc/samba/private/sam.ldb.d/DC=HPRS,DC=LOCAL.ldb.bak
-rw-r----- root/root 8192 2017-01-14 11:09 etc/samba/private/sam.ldb.d/metadata.tdb.bak
-rw-r----- root/root 421888 2017-01-14 11:50 etc/samba/private/sam.ldb.d/metadata.tdb
-rw------- root/root 14307328 2015-08-13 21:03 etc/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb
-rw------- root/root 8802304 2017-01-14 11:09 etc/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=HPRS,DC=LOCAL.ldb.bak
and the new 4.4.8 version:
-rw------- 1 root root 4247552 Oct 20 2014 /etc/samba/private/sam.ldb
-rw------- 1 root root 4689920 Jan 24 00:10 /etc/samba/private/sam.ldb.bak
-rw------- 1 root root 4247552 Oct 20 2014 /var/lib/samba/private/sam.ldb
-rw------- 1 root root 4689920 Jan 24 00:11 /var/lib/samba/private/sam.ldb.bak
> ls -l /etc/samba/private/sam.ldb.d
total 63716
-rw------- 1 root root 14307328 Aug 13 2015 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb
-rw------- 1 root root 8802304 Jan 24 00:11 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak
-rw------- 1 root root 20475904 Oct 20 2014 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb
-rw------- 1 root root 14610432 Jan 24 00:11 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak
-rw------- 1 root root 4247552 Jan 14 13:24 DC\=HPRS,DC\=LOCAL.ldb
-rw------- 1 root root 2371584 Jan 24 00:10 DC\=HPRS,DC\=LOCAL.ldb.bak
-rw-r----- 1 root root 421888 Jan 14 11:50 metadata.tdb
-rw-r----- 1 root root 8192 Jan 16 00:11 metadata.tdb.bak
> ls -l /var/lib/samba/private/sam.ldb.d
total 63996
-rw------- 1 root root 14307328 Aug 13 2015 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb
-rw------- 1 root root 8802304 Jan 24 00:11 CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak
-rw------- 1 root root 20475904 Oct 20 2014 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb
-rw------- 1 root root 14610432 Jan 24 00:11 CN\=SCHEMA,CN\=CONFIGURATION,DC\=HPRS,DC\=LOCAL.ldb.bak
-rw------- 1 root root 4247552 Jan 24 22:57 DC\=HPRS,DC\=LOCAL.ldb
-rw------- 1 root root 2658304 Jan 24 00:11 DC\=HPRS,DC\=LOCAL.ldb.bak
-rw-r----- 1 root root 421888 Jan 24 20:53 metadata.tdb
-rw-r----- 1 root root 8192 Jan 24 00:11 metadata.tdb.bak
One thing noticeable to me right off is that, while both versions have ldb files in /etc/samba/private, with 4.4.8 there is an additional set in /var/lib/samba/private. Why? Did 4.4.8 change the location of these files?
But, it's not like 4.4.8 is using /var/lib/samba/private instead of /etc/samba/private. You will notice that the sam.ldb* are updated in both places with 4.4.8.
I stop Samba just after midnight to do a backup, which is probably why all the .bak timestamps are at 00:1[01]. But why are the actual sam.ldb files still dated for October 20, 2014 (when I first installed Samba4)? I know I've made changes since then, such as msSFU30MaxGidNumber and msSFU30MaxGidNumber, and the uidNumber and gidNumber for some users.
Also, when I do `ldbedit -H /etc/samba/private/sam.ldb` (and /var/lib/samba/private/sam.ldb), user 'mark' is correctly set to:
uidNumber: 10001
gidNumber: 10000
in both cases. So where is UID:GID 3000026:100 coming from when I do getent?
Confused, --Mark
-----Original Message-----
Date: Tue, 24 Jan 2017 21:35:09 -0500
To: samba at lists.samba.org
Subject: [Samba] getent problems with new Samba version
From: Mark Foley via samba <samba at lists.samba.org>
I have been running Samba4 as AD/DC for a mixed Windows/Linux office domain for a little over 2 1/2 years now. I've needed a few tweaks from Roland, but basically it has run flawlessly during that time.
10 days ago, I upgraded to Slackware 14.2 from 14.1. Samba was likewise upgraded from version 4.2.14 to 4.4.8. I'm having a serious problem ...
Before the upgrade getent gave me:
$ getent passwd mark
HPRS\mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/false
which is correct. After the upgrade I get:
$ getent passwd mark
HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash
In RSAT > Active Directory Users and Computers > [user] properties > UNIX Attributes, this user's UID is shown as 10001 and Primary group is "Domain Users" which is 10000. So, correct in RSAT.
smb.conf is unchanged.
These UID/GID settings are similar to the defaults from when I installed samba4 back in 2015! Why did these change? Why are they not reflecting what is shown in RSAT?
This is a production office server and this issue is causing me a lot of headaches with existing files owned by the user as UID/GID 10001:10000, but now systems are trying to rw these files as 3000026:100. I'm getting permission denied errors, esp. in IMAP folders.
How can I fix this? Help! Urgent!
THX --Mark
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
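
A consistency check for the symptom reported in this thread, as an added example that is not part of the original messages or of Samba: it compares the UID:GID that getent resolves with the uidNumber/gidNumber stored in the directory and reports when the resolved UID instead matches an xidNumber in idmap.ldb. The directory record layout (keyed on sAMAccountName, with a constructed DN) and the function names are assumptions; the numeric values and the idmap record are the ones quoted in the thread.

```python
import re

# Constructed sample: the directory entry as LDIF (DN is illustrative).
SAM_LDIF = """dn: CN=Mark Foley,CN=Users,DC=HPRS,DC=LOCAL
sAMAccountName: mark
uidNumber: 10001
gidNumber: 10000"""
# The idmap.ldb record quoted in the thread (abridged to the fields used here).
IDMAP_LDIF = """# record 44
dn: CN=S-1-5-21-1052267278-1962196458-4119365663-1111
objectSid: S-1-5-21-1052267278-1962196458-4119365663-1111
type: ID_TYPE_BOTH
xidNumber: 3000026"""

def parse_ldif(text):
    """Split LDIF text into a list of {attribute: value} records."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = dict(l.split(": ", 1) for l in block.splitlines()
                   if ": " in l and not l.startswith("#"))
        if rec:
            records.append(rec)
    return records

def parse_getent(line):
    """Return (short_name, uid, gid); drops a leading DOMAIN\\ prefix."""
    f = line.strip().split(":")
    return f[0].split("\\")[-1], int(f[2]), int(f[3])

def check_ids(getent_lines, sam_ldif, idmap_ldif):
    """Flag accounts whose resolved UID:GID differs from the directory."""
    expected = {r["sAMAccountName"]: (int(r["uidNumber"]), int(r["gidNumber"]))
                for r in parse_ldif(sam_ldif)
                if "uidNumber" in r and "gidNumber" in r}
    xids = {int(r["xidNumber"]): r["objectSid"]
            for r in parse_ldif(idmap_ldif) if "xidNumber" in r}
    findings = []
    for line in getent_lines:
        name, uid, gid = parse_getent(line)
        if name not in expected:
            continue  # no UNIX attributes stored for this account
        if (uid, gid) == expected[name]:
            findings.append((name, "ok", None))
        elif uid in xids:  # UID was allocated from idmap.ldb instead
            findings.append((name, "idmap.ldb", xids[uid]))
        else:
            findings.append((name, "mismatch", None))
    return findings

if __name__ == "__main__":
    after = r"HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash"
    print(check_ids([after], SAM_LDIF, IDMAP_LDIF))
```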