> Some more information. RSAT on the Windows 10 client shows all the
> proper UNIX attributes. The uidNumber is the correct 3001108. So I
> removed the idmap.ldb entry for my wife's sid and restarted the AD.
> The new idmap entry was created and I noticed that getent returned the
> xidNumber from the new entry. It appears that the AD is ignoring the
> UNIX attributes altogether for my wife's account. I honestly do not
> know what is special about her account as my account is set up in
> exactly the same manner.

This is absolutely messed up. I re-created my wife's account. I added the UNIX attributes changing the uidNumber=10001 and I changed my uidNumber=10000 and gave the group domain users gidNumber=10513. I then restarted the server and issued a net cache flush probably 10 times

MYDOM\me:*:10000:10513::/home/me:/bin/bash
MYDOM\mywife:*:10001:10513::/home/mywife:/bin/bash

I then do:

> cd /home
> ls -altn
drwx------+ 82 10000 10513 20480 Apr 5 23:36 me
drwx------+ 43 3000112 3000513 4096 Apr 4 18:28 mywife
> getent passwd
MYHOME\prg-11868bg:*:10000:3000513:Paul R. Ganci:/home/prg-11868bg:/bin/bash
MYHOME\sln-11868bg:*:3000112:3000513::/home/sln-11868bg:/bin/bash

It seems after some small length of time the domain users group gidNumber reverts to its xidNumber as does my wife's uidNumber. I have no idea why this would occur and don't know where to begin to debug the problem. Any pointers would be appreciated.

--
Paul (ganci at nurdog.com)
Cell: (303)257-5208

On Thu, 5 Apr 2018 23:58:35 -0600 "Paul R. Ganci via samba" <samba at lists.samba.org> wrote:

> > Some more information. RSAT on the Windows 10 client shows all the
> > proper UNIX attributes. The uidNumber is the correct 3001108. So I
> > removed the idmap.ldb entry for my wife's sid and restarted the AD.
> > The new idmap entry was created and I noticed that getent returned
> > the xidNumber from the new entry. It appears that the AD is
> > ignoring the UNIX attributes altogether for my wife's account. I
> > honestly do not know what is special about her account as my
> > account is set up in exactly the same manner.
> >
>
> This is absolutely messed up. I re-created my wife's account. I added
> the UNIX attributes changing the uidNumber=10001 and I changed my
> uidNumber=10000 and gave the group domain users gidNumber=10513. I
> then restarted the server and issued a net cache flush probably 10
> times
>

I think you are running into this bug:

https://bugzilla.samba.org/show_bug.cgi?id=13054#

Rowland

On 04/06/2018 02:54 AM, Rowland Penny via samba wrote:

> I think you are running into this bug:
>
> https://bugzilla.samba.org/show_bug.cgi?id=13054#

Thanks Rowland. This bug was indeed the problem. I am not sure why it decided to rear its ugly head now but it did. It turns out my account was immune to it because when I switched over from the RID to AD backend I had made my uidNumber the same as the xidNumber. However my wife's account's uidNumber was my uidNumber +1. But that was not the xidNumber in the idmap.ldb. I removed the offending idmap.ldb entries, changed uidNumbers to something more reasonable and then ran chown to repossess our user directories & files. Everything is working like it is supposed to now.

--
Paul (ganci at nurdog.com)
Cell: (303)257-5208
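
An added example, not part of the thread and not Samba code: a small check for the ID drift described above. It takes `getent passwd` and `ls -ln /home` output and flags accounts that resolve to an xidNumber, and home directories whose numeric owner no longer matches the resolved IDs. The sample input is constructed from the values posted in the thread; `XID_RANGE` and the function names are assumptions of this example.

```python
# Added example: flag ID-mapping drift of the kind described in this thread.
# Sample data is constructed from the values posted in the thread.
XID_RANGE = range(3000000, 4000000)  # assumption: the DC's idmap.ldb allocation range

GETENT = r"""MYDOM\me:*:10000:3000513::/home/me:/bin/bash
MYDOM\mywife:*:3000112:3000513::/home/mywife:/bin/bash"""

LS_LN = """drwx------+ 82 10000 10513 20480 Apr 5 23:36 me
drwx------+ 43 3000112 3000513 4096 Apr 4 18:28 mywife"""

def parse_getent(text):
    """Return {home_basename: (name, uid, gid)} from getent passwd lines."""
    users = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 7:
            continue  # skip malformed lines
        users[f[5].rstrip("/").rsplit("/", 1)[-1]] = (f[0], int(f[2]), int(f[3]))
    return users

def parse_ls(text):
    """Return {dirname: (uid, gid)} from `ls -ln` directory lines."""
    owners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 9 and f[0].startswith("d"):
            owners[f[-1]] = (int(f[2]), int(f[3]))
    return owners

def find_drift(getent_text, ls_text):
    """List (account, problem) pairs worth investigating."""
    findings = []
    owners = parse_ls(ls_text)
    for home, (name, uid, gid) in parse_getent(getent_text).items():
        if uid in XID_RANGE:
            findings.append((name, f"uid {uid} is an xidNumber, not a uidNumber"))
        if gid in XID_RANGE:
            findings.append((name, f"gid {gid} is an xidNumber, not a gidNumber"))
        if home in owners and owners[home] != (uid, gid):
            findings.append((name, f"/home/{home} owned by {owners[home]}"))
    return findings

if __name__ == "__main__":
    for name, problem in find_drift(GETENT, LS_LN):
        print(f"{name}: {problem}")
```

A home directory whose owner matches a flagged xidNumber, as with the second account here, reports no ownership mismatch, so it still needs a chown once the mapping is corrected.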