On Thu, 26 Jan 2017 09:56:10 +0000 Rowland Penny wrote:
>
> On Thu, 26 Jan 2017 02:35:43 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > on Wed, 25 Jan 2017 20:15:49 -0500 Gaiseric Vandal wrote:
> >
> > > Would "testparm -v" show you the path of all the files used ? Are
> > > there any idmap settings?
> >
> > Gaiseric, thanks for your response. the `testparm -v` gave me:
> >
> > private dir = /var/lib/samba/private
> >
> > So, I guess that means the sam.ldb in that directory is the one being
> > used, not the one in /etc/samba/private. That helps. Thanks for
> > that tip. The newer Samba 4.4.8 must have somehow been smart enough
> > to find the 4.2.12 sam.ldb in /etc/samba/private and copy it over to
> > the new location because there was no /var/lib/samba/private with my
> > 4.2.12, and the contents of both sam.ldb's is the same including
> > changes I made.
>
> No, I would say it is dumb enough to try, just who thought it was a
> good idea to do this ?

I can't imagine why they would change the location of a crucial directory like this!!!

> If you read the slackware file 'doinst.sh', there is this:
>
> # Since /etc/samba/private/ has moved to /var/lib/samba/private, migrate any
> # important files if possible:

Where is this file? I have no doinst.sh on my entire system, nor do I find it on the Slackware 14.2 installation DVD.

I'm pretty sure I didn't copy this directory over. Come to think of it, when I restarted with the new version my DNS wasn't working (see next comment). I found that the /etc/samba/private folder was missing altogether. I restored that directory from backup and DNS started working again. So, either that doinst.sh script got run automatically somehow, or the Samba executable knew to do this, and removed the /etc/samba/private directory.

After some testing, I will remove the old /etc/samba/private folder. In addition to .ldb stuff, the original Samba provisioning step created (or advised?) a named.conf file to include the following line:

include "/etc/samba/private/named.conf";

wherein all the Samba DNS stuff was originally created. I've modified my /etc/named.conf to now point to /var/lib/samba/private and will remove /etc/samba/private when I'm sure of this. This "change" affects a lot of stuff!! :(

> What does 'samba -b' show for 'PRIVATE_DIR' ?

$ samba -b
Samba version: 4.4.8
Build environment:
   Build host: Linux hive64 4.4.38 #1 SMP Sun Dec 11 15:57:21 CST 2016 x86_64 AMD Phenom(tm) II X6 1100T Processor AuthenticAMD GNU/Linux
Paths:
   :
   :
   PRIVATE_DIR: /var/lib/samba/private

Same as the `testparm -v` Gaiseric had me run.

> > /var/lib/samba/private/sam.ldb, /etc/samba/private/sam.ldb and
> > RSAT/ADUC all show the "correct" UID:GIDs for users, for example
> > 10001:10000.
> >
> > So, if Samba 4.4.8 "is using winbind to allocate uid's", how can I
> > make it stop that and use the ids actually configured in sam.ldb?
> > That's the question, basically: why is winbind (or whatever)
> > arbitrarily generating UID:GIDs instead of using the configured ids?
> > You are likely right on this too. As Rowland Penny wrote on
> > 10/11/2015 17:15, "wbinfo goes straight to winbind, which goes to
> > where you have told it to. getent goes via nsswitch, ...". and
> > wbinfo still returns:
>
> When I said that, I meant how Samba was configured would tell winbind
> where to look.

So, where is winbind looking?

> Have you tried checking in AD with ldbsearch or ldbedit for the actual
> records ?

Yes, I've done `ldbedit -H /var/lib/samba/private/sam.ldb` (and ldbsearch) and among other settings for user 'mark' I have:

uidNumber: 10001
gidNumber: 10000

winbind or whatever is simply not looking there. Is there a solution?

--Mark

On Thu, 26 Jan 2017 14:09:49 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:

> On Thu, 26 Jan 2017 09:56:10 +0000 Rowland Penny wrote:
> >
> > On Thu, 26 Jan 2017 02:35:43 -0500
> > Mark Foley via samba <samba at lists.samba.org> wrote:
> >
> > > on Wed, 25 Jan 2017 20:15:49 -0500 Gaiseric Vandal wrote:
> > >
> > > > Would "testparm -v" show you the path of all the files used ?
> > > > Are there any idmap settings?
> > >
> > > Gaiseric, thanks for your response. the `testparm -v` gave me:
> > >
> > > private dir = /var/lib/samba/private
> > >
> > > So, I guess that means the sam.ldb in that directory is the one
> > > being used, not the one in /etc/samba/private. That helps.
> > > Thanks for that tip. The newer Samba 4.4.8 must have somehow
> > > been smart enough to find the 4.2.12 sam.ldb
> > > in /etc/samba/private and copy it over to the new location
> > > because there was no /var/lib/samba/private with my 4.2.12, and
> > > the contents of both sam.ldb's is the same including changes I
> > > made.
> >
> > No, I would say it is dumb enough to try, just who thought it was a
> > good idea to do this ?
>
> I can't imagine why they would change the location of a crucial
> directory like this!!!

It does seem strange, normally a distro will select where to put a package contents and then sticks to it.

>
> > If you read the slackware file 'doinst.sh', there is this:
> >
> > # Since /etc/samba/private/ has moved to /var/lib/samba/private,
> > migrate any # important files if possible:
>
> Where is this file? I have no doinst.sh on my entire system, nor do I
> find it on the Slackware 14.2 installation DVD.

Ah, it might be called doinst.sh.gz on your DVD, but I found it here:

http://mirrors.slackware.com/slackware/slackware64-14.2/patches/source/samba/

>
> I'm pretty sure I didn't copy this directory over. Come to think of
> it, when I restarted with the new version my DNS wasn't working (see
> next comment). I found that the /etc/samba/private folder was missing
> altogether. I restored that directory from backup and DNS started
> working again. So, either that doinst.sh script got run automatically
> somehow, or the Samba executable knew to do this, and removed
> the /etc/samba/private directory.

I am fairly sure it was the slackware script, there is nothing in the Samba source that will move the contents of an entire directory.

>
> After some testing, I will remove the old /etc/samba/private folder.
> In addition to .ldb stuff, the original Samba provisioning step
> created (or advised?) a named.conf file to include the following line:
>
> include "/etc/samba/private/named.conf";
>
> wherein all the Samba DNS stuff was originally created. I've
> modified my /etc/named.conf to now point to /var/lib/samba/private
> and will remove /etc/samba/private when I'm sure of this. This
> "change" affects a lot of stuff!! :(

This is one reason why you shouldn't move directory contents about without considering stuff like this.

>
> > What does 'samba -b' show for 'PRIVATE_DIR' ?
>
> $ samba -b
> Samba version: 4.4.8
> Build environment:
> Build host: Linux hive64 4.4.38 #1 SMP Sun Dec 11 15:57:21 CST
> 2016 x86_64 AMD Phenom(tm) II X6 1100T Processor AuthenticAMD
> GNU/Linux Paths:
> :
> :
> PRIVATE_DIR: /var/lib/samba/private
>
> Same as the `testparm -v` Gaiseric had me run.

In which case, this is where winbind will look.

>
> > Have you tried checking in AD with ldbsearch or ldbedit for the
> > actual records ?
>
> Yes, I've done `ldbedit -H /var/lib/samba/private/sam.ldb` (and
> ldbsearch) and among other settings for user 'mark' I have:
>
> uidNumber: 10001
> gidNumber: 10000

Does 'Domain Users' have a gidNumber ?

Rowland

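[Added example, not written by any poster in this thread and not Samba or Slackware code: a shell check for the situation discussed above, where `samba -b` reports one PRIVATE_DIR while /etc/named.conf may still include named.conf from the old private directory. The function names and the sample files are constructed for illustration; the script reads saved `samba -b` output instead of running samba.]

```shell
#!/bin/sh
# Added example: flag BIND include lines that still point at a Samba private
# directory other than the one the installed build reports.

# private_dir_from_build FILE
# Print the PRIVATE_DIR value found in saved `samba -b` output.
private_dir_from_build() {
    awk '$1 == "PRIVATE_DIR:" { print $2; exit }' "$1"
}

# stale_includes NAMED_CONF PRIVATE_DIR
# Print every include path ending in /private/named.conf that is not under
# PRIVATE_DIR. Lines commented out with # or // are ignored.
stale_includes() {
    awk -v want="$2" '
        /^[ \t]*(#|\/\/)/ { next }
        match($0, /include[ \t]+"[^"]+"/) {
            path = substr($0, RSTART, RLENGTH)
            sub(/^include[ \t]+"/, "", path)
            sub(/"$/, "", path)
            if (path ~ /\/private\/named\.conf$/ && index(path, want "/") != 1)
                print path
        }' "$1"
}

# demo: run both checks against constructed sample files that reuse the
# paths quoted in the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/samba-b.txt" <<'EOF'
Samba version: 4.4.8
Paths:
   PRIVATE_DIR: /var/lib/samba/private
EOF
    cat > "$tmp/named.conf" <<'EOF'
options { directory "/var/named"; };
// include "/var/lib/samba/private/named.conf";
include "/etc/samba/private/named.conf";
EOF
    dir=$(private_dir_from_build "$tmp/samba-b.txt")
    stale_includes "$tmp/named.conf" "$dir"
    rm -rf "$tmp"
}

demo
```
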
On Thu, 26 Jan 2017 19:36:33 +0000 Rowland Penny wrote:
> On Thu, 26 Jan 2017 14:09:49 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > On Thu, 26 Jan 2017 09:56:10 +0000 Rowland Penny wrote:
> > >
> > > On Thu, 26 Jan 2017 02:35:43 -0500
> > > Mark Foley via samba <samba at lists.samba.org> wrote:
> >
> > I can't imagine why they would change the location of a crucial
> > directory like this!!!
>
> It does seem strange, normally a distro will select where to put a
> package contents and then sticks to it.
> > > If you read the slackware file 'doinst.sh', there is this:
> > Where is this file? I have no doinst.sh on my entire system, nor do I
> > find it on the Slackware 14.2 installation DVD.
>
> Ah, it might be called doinst.sh.gz on your DVD, but I found it here:
>
> http://mirrors.slackware.com/slackware/slackware64-14.2/patches/source/samba/

Nope, nothing like that on my DVD, which I downloaded from LinuxQuestions.org. Perhaps there is a new DVD, or maybe that info is just on the Slackware website. Rather an obscure communication of something that can grind your system to a halt. Very unlike Slackware.

> > > Have you tried checking in AD with ldbsearch or ldbedit for the
> > > actual records ?
> >
> > Yes, I've done `ldbedit -H /var/lib/samba/private/sam.ldb` (and
> > ldbsearch) and among other settings for user 'mark' I have:
> >
> > uidNumber: 10001
> > gidNumber: 10000
>
> Does 'Domain Users' have a gidNumber ?

Yes, here is the entire section on that from ldbsearch. You can see the gidNumber is 10000:

# record 138
dn: CN=Domain Users,CN=Users,DC=hprs,DC=local
objectClass: top
objectClass: group
cn: Domain Users
description: All domain users
instanceType: 4
whenCreated: 20140903044615.0Z
uSNCreated: 3541
name: Domain Users
objectGUID: edb886f3-5829-4b36-805f-3cce7f737d02
objectSid: S-1-5-21-1052267278-1962196458-4119365663-513
sAMAccountName: Domain Users
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=hprs,DC=local
isCriticalSystemObject: TRUE
memberOf: CN=Users,CN=Builtin,DC=hprs,DC=local
msSFU30NisDomain: hprs
gidNumber: 10000
msSFU30Name: Domain Users
whenChanged: 20151012022826.0Z
uSNChanged: 6863
distinguishedName: CN=Domain Users,CN=Users,DC=hprs,DC=local

The question remains, why is winbind not getting this info from sam.ldb? Everything appears to be in the right place. Can I turn on some debugging for winbind? Where is it started?

--Mark