aluno3 at poczta.onet.pl
2017-May-29 10:30 UTC
[Samba] Different primary group between 4.5.x and 4.6.x
On 29.05.2017 12:03, Rowland Penny via samba wrote:> On Mon, 29 May 2017 11:33:21 +0200 > aluno3--- via samba <samba at lists.samba.org> wrote: > >> My configuration for idmap backend is: >> >> idmap config dev2 : range = 65536-19999999 >> idmap config dev2 : backend = rid >> idmap config * : range = 20000000-39999999 >> idmap config * : backend = autorid > > It is recommended to use the tdb backend for the '*' domainI will try to use tdb backend but in relative to issue with primary group it will not help.> >> >> Does it mean that functionality is not fully reverted? >> > > No, it means that a patch was added and then removed, as far as the code > is concerned, it is just as if the patch had never existed. > > Rowland >I suppose that not all commits from 2017-01-04 from Volker was reverted on 2017-03-06. Am I wrong ? Additionally in commit: https://git.samba.org/?p=samba.git;a=commitdiff;h=93e804a8b0e63f90c166f063fa16a1238cd8f8f3 we have updated release notes regarding to 'id <username>' but on: https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed#winbind_changes this information is not updated so it can bring the confusion.
aluno3 at poczta.onet.pl
2017-May-30 09:54 UTC
[Samba] Different primary group between 4.5.x and 4.6.x
I changed default/primary group for other user than guest and issue also occurred so if domain user has default group other than "domain users", 'id <username>' always shows "domain users" as primary group. On 29.05.2017 12:30, aluno3 at poczta.onet.pl wrote:> On 29.05.2017 12:03, Rowland Penny via samba wrote: >> On Mon, 29 May 2017 11:33:21 +0200 >> aluno3--- via samba <samba at lists.samba.org> wrote: >> >>> My configuration for idmap backend is: >>> >>> idmap config dev2 : range = 65536-19999999 >>> idmap config dev2 : backend = rid >>> idmap config * : range = 20000000-39999999 >>> idmap config * : backend = autorid >> >> It is recommended to use the tdb backend for the '*' domain > > I will try to use tdb backend but in relative to issue with primary > group it will not help. > >> >>> >>> Does it mean that functionality is not fully reverted? >>> >> >> No, it means that a patch was added and then removed, as far as the code >> is concerned, it is just as if the patch had never existed. >> >> Rowland >> > > I suppose that not all commits from 2017-01-04 from Volker was reverted > on 2017-03-06. Am I wrong ? > > Additionally in commit: > > https://git.samba.org/?p=samba.git;a=commitdiff;h=93e804a8b0e63f90c166f063fa16a1238cd8f8f3 > > > we have updated release notes regarding to 'id <username>' but on: > > https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed#winbind_changes > > this information is not updated so it can bring the confusion. > >
aluno3 at poczta.onet.pl
2017-May-30 14:02 UTC
[Samba] Different primary group between 4.5.x and 4.6.x
Additionally if I authenticate to user using wbinfo -a it seems to works correctly: root at root:~$ id DEV2+guest uid=2000501(DEV2+guest) gid=2000513(DEV2+domain users) groups=2000513(DEV2+domain users),2000501(DEV2+guest),2000514(DEV2+domain guests) root at root:~$ wbinfo -a DEV2+guest Enter DEV2+guest's password: plaintext password authentication succeeded Enter DEV2+guest's password: challenge/response password authentication succeeded root at root:~$ id DEV2+guest uid=2000501(DEV2+guest) gid=2000514(DEV2+domain guests) groups=2000514(DEV2+domain guests),2000501(DEV2+guest) so seems that if samlogon cache is filled then primary group is returned correctly. But I suppose that if I use share using NFS (without Samba authentication) and have some ACL to files or directories I will probably have issues with access denied. On 30.05.2017 11:54, aluno3 at poczta.onet.pl wrote:> I changed default/primary group for other user than guest and issue also > occurred so if domain user has default group other than "domain users", > 'id <username>' always shows "domain users" as primary group. > > On 29.05.2017 12:30, aluno3 at poczta.onet.pl wrote: >> On 29.05.2017 12:03, Rowland Penny via samba wrote: >>> On Mon, 29 May 2017 11:33:21 +0200 >>> aluno3--- via samba <samba at lists.samba.org> wrote: >>> >>>> My configuration for idmap backend is: >>>> >>>> idmap config dev2 : range = 65536-19999999 >>>> idmap config dev2 : backend = rid >>>> idmap config * : range = 20000000-39999999 >>>> idmap config * : backend = autorid >>> >>> It is recommended to use the tdb backend for the '*' domain >> >> I will try to use tdb backend but in relative to issue with primary >> group it will not help. >> >>> >>>> >>>> Does it mean that functionality is not fully reverted? >>>> >>> >>> No, it means that a patch was added and then removed, as far as the code >>> is concerned, it is just as if the patch had never existed. >>> >>> Rowland >>> >> >> I suppose that not all commits from 2017-01-04 from Volker was reverted >> on 2017-03-06. Am I wrong ? >> >> Additionally in commit: >> >> https://git.samba.org/?p=samba.git;a=commitdiff;h=93e804a8b0e63f90c166f063fa16a1238cd8f8f3 >> >> >> we have updated release notes regarding to 'id <username>' but on: >> >> https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed#winbind_changes >> >> this information is not updated so it can bring the confusion. >> >> >