On Sun, 8 Apr 2018 12:47:25 +0100
Clemente Aguiar via samba <samba at lists.samba.org> wrote:

> Hi,
>
> I have little knowledge about Samba 4 and I need help.
>
> I have a Zentyal 5 server, which is based on Ubuntu 16.04 and Samba4.
>
> There are some issues with Samba access to certain shares, because
> there seems to be 2 different gid for group "Domain Users", gid 1901
> and gid 2513.
>
> # wbinfo --gid-info 2513
> ARDITI\domain users:x:2513:
>
> # wbinfo --gid-info 1901
> ARDITI\domain users:x:1901:
>
> # wbinfo --gid-to-sid=1901
> S-1-5-21-1969551146-1524703261-742246316-513
> # wbinfo --gid-to-sid=2513
> S-1-5-21-1969551146-1524703261-742246316-513
>
> # wbinfo --sid-to-gid=S-1-5-21-1969551146-1524703261-742246316-513
> 2513
>
> From this last statement it seems that gid 2513 is the correct one.
>
> I can I get rid of the incorrect entry?
>
> Regards

How is Samba being run?
Can you post your smb.conf

Rowland

The samba was created by Zentyal system (http://www.zentyal.org).

Here is smb.conf:

[global]
    workgroup = arditi
    realm = ARDITI.PT
    netbios name = hera
    server string = Zentyal Server
    server role = dc
    server role check:inhibit = yes
    server services = -dns
    server signing = auto
    dsdb:schema update allowed = yes
    ldap server require strong auth = no
    drs:max object sync = 1200

    idmap_ldb:use rfc2307 = yes

    winbind enum users = yes
    winbind enum groups = yes
    template shell = /bin/bash
    template homedir = /home/%U

    interfaces = lo,eth0
    bind interfaces only = yes

    map to guest = Bad User

    log level = 3
    log file = /var/log/samba/samba.log
    max log size = 100000

    include = /etc/samba/shares.conf

[netlogon]
    path = /var/lib/samba/sysvol/arditi.pt/scripts
    browseable = no
    read only = yes

[sysvol]
    path = /var/lib/samba/sysvol
    read only = no

At 13:08 on 08-04-2018, Rowland Penny via samba wrote:
> On Sun, 8 Apr 2018 12:47:25 +0100
> Clemente Aguiar via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> I have little knowledge about Samba 4 and I need help.
>>
>> I have a Zentyal 5 server, which is based on Ubuntu 16.04 and Samba4.
>>
>> There are some issues with Samba access to certain shares, because
>> there seems to be 2 different gid for group "Domain Users", gid 1901
>> and gid 2513.
>>
>> # wbinfo --gid-info 2513
>> ARDITI\domain users:x:2513:
>>
>> # wbinfo --gid-info 1901
>> ARDITI\domain users:x:1901:
>>
>> # wbinfo --gid-to-sid=1901
>> S-1-5-21-1969551146-1524703261-742246316-513
>> # wbinfo --gid-to-sid=2513
>> S-1-5-21-1969551146-1524703261-742246316-513
>>
>> # wbinfo --sid-to-gid=S-1-5-21-1969551146-1524703261-742246316-513
>> 2513
>>
>> From this last statement it seems that gid 2513 is the correct one.
>>
>> I can I get rid of the incorrect entry?
>>
>> Regards
>>
> How is Samba being run?
> Can you post your smb.conf
>
> Rowland

On Sun, 8 Apr 2018 13:22:28 +0100
Clemente Aguiar via samba <samba at lists.samba.org> wrote:

> The samba was created by Zentyal system (http://www.zentyal.org).
>
> Here is smb.conf:
>
> [global]
>     workgroup = arditi
>     realm = ARDITI.PT
>     netbios name = hera
>     server string = Zentyal Server
>     server role = dc
>     server role check:inhibit = yes
>     server services = -dns
>     server signing = auto
>     dsdb:schema update allowed = yes
>     ldap server require strong auth = no
>     drs:max object sync = 1200
>
>     idmap_ldb:use rfc2307 = yes
>
>     winbind enum users = yes
>     winbind enum groups = yes
>     template shell = /bin/bash
>     template homedir = /home/%U
>
>     interfaces = lo,eth0
>     bind interfaces only = yes
>
>     map to guest = Bad User
>
>     log level = 3
>     log file = /var/log/samba/samba.log
>     max log size = 100000
>
>     include = /etc/samba/shares.conf
>
> [netlogon]
>     path = /var/lib/samba/sysvol/arditi.pt/scripts
>     browseable = no
>     read only = yes
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = no

It is running as an AD DC and the IDs you showed are not in the
'3000000' range, so this means one of two things, either idmap.ldb has
been messed with (not recommended) or the users and groups have been
given uidNumber and gidNumber attributes (with very low numbers, again
not recommended).

I think it is more likely to be the latter and if so, there is a bug for
this:

https://bugzilla.samba.org/show_bug.cgi?id=13054#

Rowland
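
The check discussed in this thread, as an added example that is not code from either poster or from the Samba project: it flags any SID reachable from more than one gid, whether each gid round-trips through `wbinfo --sid-to-gid`, and whether it sits below the '3000000' range. The three-column input format and the function names are assumptions; the first two sample rows use the values quoted in the thread and the third row is constructed.

```shell
#!/bin/sh
# Input, one mapping per line (assumed format):
#   <gid> <SID from "wbinfo --gid-to-sid=GID"> <gid from "wbinfo --sid-to-gid=SID">

IDMAP_LDB_LOW=3000000   # start of the '3000000' range named in the reply

sample_data() {
cat <<'EOF'
1901 S-1-5-21-1969551146-1524703261-742246316-513 2513
2513 S-1-5-21-1969551146-1524703261-742246316-513 2513
3000017 S-1-5-32-544 3000017
EOF
}

audit_gid_map() {
    awk -v low="$IDMAP_LDB_LOW" '
    NF == 3 {
        gid = $1; sid = $2; back = $3
        # Remember every gid seen for this SID, in input order.
        if (!(sid in gids)) { order[++n] = sid; gids[sid] = gid }
        else gids[sid] = gids[sid] "," gid
        cnt[sid]++
        # Below the range: not allocated from the 3000000 range.
        origin = (gid + 0 >= low) ? "idmap.ldb-range" : "below-range"
        # A gid that does not come back from its own SID is a stale mapping.
        trip = (gid == back) ? "OK" : "MISMATCH(sid-to-gid=" back ")"
        print gid, sid, origin, trip
    }
    END {
        # One SID with several gids means file ownership and share ACL
        # checks can disagree depending on which gid was recorded.
        for (i = 1; i <= n; i++)
            if (cnt[order[i]] > 1)
                print "DUPLICATE", order[i], "gids=" gids[order[i]]
    }'
}

sample_data | audit_gid_map
```
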