Mandi! Emmanuel Florac via samba In chel di` si favelave...> > I can fire up bug for the manpage?! > At least it should mention the default of 100 and why you would want > it at 0 instead.the bug is exactly for that, manpage lie! ;-) usershare max shares (G) This parameter specifies the number of user defined shares that are allowed to be created by users belonging to the group owning the usershare directory. If set to zero (the default) user defined shares are ignored. Default: usershare max shares = 0> Still, I can't fathom why some machines are trying to access > non-existing shares named with a username with the last character > chopped off...This is effectively strage... but coult be only a minor bug in some printf() call in logging.. anyway strange... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
HI, I have samba DC Version 4.5.15 , i have problem with Domain Users group on samba server: # getent group 100 DC1\domain users:x:100: # getent group 40000 DC1\domain users:x:100: # getent group "dc1.i.com\\Domain Users" DC1\domain users:x:100: On Windows in Active Directory Users and Computers on Administrator domain account: gidNumber = 40000 for Domain Users. smb.conf [global] server role check:inhibit=yes dsdb:schema update allowed = yes netbios name = DC1 realm = I.COM workgroup = DC1 server role = active directory domain controller idmap_ldb:use rfc2307 = yes ldap server require strong auth = no unix extensions = no security = user dns forwarder = 192.168.10.2 allow dns updates = nonsecure log level = 1 max log size = 450000 log file = /var/log/samba/log.%m include = /etc/samba/smb.conf.debug-%I idmap config * : range = 40000-50000 idmap config * : backend = tdb winbind enum users = yes winbind enum groups = yes [netlogon] path = /var/lib/samba/sysvol/i.mp.pl/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No Can i change gid to 100 in windows? Where does this discrepancy come from? Thanks, Rafal Sanocki
On Tue, 29 May 2018 13:41:09 +0200 Rafał Sanocki via samba <samba at lists.samba.org> wrote:> HI, > I have samba DC Version 4.5.15 , i have problem with Domain Users > group > > on samba server: > # getent group 100 > DC1\domain users:x:100: > # getent group 40000 > DC1\domain users:x:100: > # getent group "dc1.i.com\\Domain Users" > DC1\domain users:x:100: > > On Windows in Active Directory Users and Computers on Administrator > domain account: > gidNumber = 40000 for Domain Users. > > > smb.conf > [global] > server role check:inhibit=yes > dsdb:schema update allowed = yesWhy do you have the two lines above ??> netbios name = DC1 > realm = I.COM > workgroup = DC1 > server role = active directory domain controller > idmap_ldb:use rfc2307 = yes > ldap server require strong auth = no> unix extensions = no > security = userAgain, why do yo have the two lines above ??> dns forwarder = 192.168.10.2 > allow dns updates = nonsecure > log level = 1 > max log size = 450000 > log file = /var/log/samba/log.%m > include = /etc/samba/smb.conf.debug-%I> idmap config * : range = 40000-50000 > idmap config * : backend = tdbYet again, why do you have the two lines above, they do not work on a DC.> winbind enum users = yes > winbind enum groups = yesYet, Yet again, why do you have the two lines above, they only slow things down and are not needed.> [netlogon] > path = /var/lib/samba/sysvol/i.mp.pl/scripts > read only = No > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > Can i change gid to 100 in windows?No, because it isn't coming from windows.>Where does this discrepancy come from?idmap.ldb, but it isn't a discrepancy, it is the default setting, 'Domain Users' is mapped to the Unix group 'users' in idmap.ldb There is a bug report for this, until this is fixed, run 'net cache flush' and then NEVER run 'getent group ANUMBER' again. Rowland
On Tue, 29 May 2018 14:40:58 +0200 Rafał Sanocki <rafal.sanocki at gmail.com> wrote:> Hi, > > unix extensions = no > for symlinks > > security = user > samba dc is fileserver too > > where do You found this info is slowing down ?From reports on this mailing list. If you have those lines in smb.conf, then ALL they do is make 'getent passwd' or 'getent group' show all users and groups AND slow things down. They are not needed, 'getent passwd ausername' will show the info for the user and everything else will just work.> This is after update default config > > [netlogon] > path = /var/lib/samba/sysvol/i.mp.pl/scripts > read only = No > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > Thx for correct my config. > > > i found this toturial, now i need to change xidNumber to 40000? > > https://techblog.devlat.eu/2017/02/04/gid-of-the-domain-users-resetting-to-100-with-a-samba-ad-dc/ >Well you could do that, but that is a botch, if you want my advice, do not mess with idmap.ldb Rowland Penny : Samba team member
> the bug is exactly for that, manpage lie! ;-)Ok, bug fired up. https://bugzilla.samba.org/show_bug.cgi?id=13456 -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
On Tue, 2018-05-29 at 10:00 +0200, Marco Gaiarin via samba wrote:> Mandi! Emmanuel Florac via samba > In chel di` si favelave... > > > > I can fire up bug for the manpage?! > > > > At least it should mention the default of 100 and why you would want > > it at 0 instead. > > the bug is exactly for that, manpage lie! ;-) > > usershare max shares (G) > > This parameter specifies the number of user defined shares that are allowed to be created by users belonging to the group owning the usershare directory. If set to zero (the default) user > defined shares are ignored. > > Default: usershare max shares = 0You should ask Debian to patch the manpage as well as the code. The default upstream is 0, Debian specifically chose 100. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
On Wed, 30 May 2018 06:21:36 +1200 Andrew Bartlett via samba <samba at lists.samba.org> wrote:> On Tue, 2018-05-29 at 10:00 +0200, Marco Gaiarin via samba wrote: > > Mandi! Emmanuel Florac via samba > > In chel di` si favelave... > > > > > > I can fire up bug for the manpage?! > > > > > > At least it should mention the default of 100 and why you would > > > want it at 0 instead. > > > > the bug is exactly for that, manpage lie! ;-) > > > > usershare max shares (G) > > > > This parameter specifies the number of user defined > > shares that are allowed to be created by users belonging to the > > group owning the usershare directory. If set to zero (the default) > > user defined shares are ignored. > > > > Default: usershare max shares = 0 > > You should ask Debian to patch the manpage as well as the code. > > The default upstream is 0, Debian specifically chose 100. > > Andrew BartlettER, so it would need a Debian Samba package maintainer to fix this (on Debian at least). Anybody know a Debian Samba package maintainer ??? ;-) Rowland