aluno3 at poczta.onet.pl
2017-May-29 09:33 UTC
[Samba] Different primary group between 4.5.x and 4.6.x
On 29.05.2017 10:42, Rowland Penny via samba wrote:> On Mon, 29 May 2017 08:40:07 +0200 > aluno3--- via samba <samba at lists.samba.org> wrote: > > >>> Have you given 'Guest' a uidNumber and/or gidNumber attribute ? >> >> If I run "id guest" I also have "no such user". I need to pass also >> domain realm: >> >> root at root:~$ id guest >> id: guest: no such user >> root at root:~$ wbinfo -u|grep -i guest >> DEV2+guest >> root at root:~$ id DEV2+guest >> uid=66037(DEV2+guest) gid=66049(DEV2+domain users) >> groups=66049(DEV2+domain users),66037(DEV2+guest),66050(DEV2+domain >> guests) > > OK, so you do not have 'winbind use default domain = yes' in smb.conf, > but you do have 'winbind separator = +'Yes, exactly I have 'winbind separator = +'> > I do have the first, so your 'id DEV+guest' is the same as my 'id guest' > When I run it on a Unix domain member, i get: > > id: guest: no such user > > Bit different on a DC: > > uid=3000002(SAMDOM\guest) gid=10000(SAMDOM\domain users) groups=10000(SAMDOM\domain users),3000002(SAMDOM\guest),3000003(SAMDOM\domain guests),3000006(BUILTIN\guests),3000001(BUILTIN\users) > > As you seem to be getting '66037' for your ID, it seems that you must > have give 'Guest' a uidNumber or are using the winbind 'rid' backend. > Either way, you should not be able to login as 'Guest', or 'nobody', > these are users that should be used in the background. >My configuration for idmap backend is: idmap config dev2 : range = 65536-19999999 idmap config dev2 : backend = rid idmap config * : range = 20000000-39999999 idmap config * : backend = autorid>> In release notes we have: >> >> "This means that 'id <username>' without the user having logged in >> previously works similar to 4.5" >> >> I'm a little confused about this. Should I apply patch from: >> >> https://bugzilla.samba.org/show_bug.cgi?id=12612 > > No, it was for something that was added and then removed before a > stable release > > RowlandDoes it mean that functionality is not fully reverted?> > >
Rowland Penny
2017-May-29 10:03 UTC
[Samba] Different primary group between 4.5.x and 4.6.x
On Mon, 29 May 2017 11:33:21 +0200 aluno3--- via samba <samba at lists.samba.org> wrote:> My configuration for idmap backend is: > > idmap config dev2 : range = 65536-19999999 > idmap config dev2 : backend = rid > idmap config * : range = 20000000-39999999 > idmap config * : backend = autoridIt is recommended to use the tdb backend for the '*' domain> > Does it mean that functionality is not fully reverted? >No, it means that a patch was added and then removed, as far as the code is concerned, it is just as if the patch had never existed. Rowland
aluno3 at poczta.onet.pl
2017-May-29 10:30 UTC
[Samba] Different primary group between 4.5.x and 4.6.x
On 29.05.2017 12:03, Rowland Penny via samba wrote:> On Mon, 29 May 2017 11:33:21 +0200 > aluno3--- via samba <samba at lists.samba.org> wrote: > >> My configuration for idmap backend is: >> >> idmap config dev2 : range = 65536-19999999 >> idmap config dev2 : backend = rid >> idmap config * : range = 20000000-39999999 >> idmap config * : backend = autorid > > It is recommended to use the tdb backend for the '*' domainI will try to use tdb backend but in relative to issue with primary group it will not help.> >> >> Does it mean that functionality is not fully reverted? >> > > No, it means that a patch was added and then removed, as far as the code > is concerned, it is just as if the patch had never existed. > > Rowland >I suppose that not all commits from 2017-01-04 from Volker was reverted on 2017-03-06. Am I wrong ? Additionally in commit: https://git.samba.org/?p=samba.git;a=commitdiff;h=93e804a8b0e63f90c166f063fa16a1238cd8f8f3 we have updated release notes regarding to 'id <username>' but on: https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed#winbind_changes this information is not updated so it can bring the confusion.