Am 06.08.19 um 15:50 schrieb Rowland penny via samba:> On 06/08/2019 14:44, Stefan G. Weichinger via samba wrote: >> same user uses a share on one of the DCs (yes, I know ... administrative >> small share) >> >> there it is correctly displayed in smbstatus >> >> So I expect some wrong/outdated mapping on the DM/fileserver? >> >> >> > On a Unix domain member, this could only be in a user.map, so check this.username map = /etc/samba/smbusers root at pre01svdeb01:/etc/samba# cat smbusers !root = BUERO\Administrator BUERO\administrator Administrator administrator I could remove that for a test ...> I would also get the user to log into another PC and connect to another > fileserver and see what happens.That will have to wait until I am there. Very busy guy without patience.
On 06/08/2019 14:54, Stefan G. Weichinger via samba wrote:> Am 06.08.19 um 15:50 schrieb Rowland penny via samba: >> On 06/08/2019 14:44, Stefan G. Weichinger via samba wrote: >>> same user uses a share on one of the DCs (yes, I know ... administrative >>> small share) >>> >>> there it is correctly displayed in smbstatus >>> >>> So I expect some wrong/outdated mapping on the DM/fileserver? >>> >>> >>> >> On a Unix domain member, this could only be in a user.map, so check this. > username map = /etc/samba/smbusers > > root at pre01svdeb01:/etc/samba# cat smbusers > !root = BUERO\Administrator BUERO\administrator Administrator administrator > > I could remove that for a test ... > >> I would also get the user to log into another PC and connect to another >> fileserver and see what happens. > That will have to wait until I am there. Very busy guy without patience. >Aha, that sounds like a guy who somehow knows the root/Administrators password and is using it, not that you will ever get him to admit it. I would change the root password and not tell him. Rowland
Am 06.08.19 um 16:02 schrieb Rowland penny via samba:> Aha, that sounds like a guy who somehow knows the root/Administrators > password and is using it, not that you will ever get him to admit it. I > would change the root password and not tell him.Hm, dunno. The shares are connected via GPOs etc I changed the password for Administrator now. So far no change and no call. Maybe some shares in his registry, using the Administrator-user? I killed that smbd-process now as well (no files were open right now) smbusers map edited as well - What about that stuff in /var/lib/samba/private on the DM? I see files from 2017: root at pre01svdeb01:/var/lib/samba# ls -l private/ insgesamt 3388 drwx------ 2 root root 12288 Aug 6 16:09 msg.sock -rw------- 1 root root 32768 Aug 6 08:09 netlogon_creds_cli.tdb -rw------- 1 root root 421888 Jul 8 2017 passdb.tdb -rw------- 1 root root 1286144 Jul 10 2017 sam.ldb -rw------- 1 root root 1286144 Jul 8 2017 secrets.ldb -rw------- 1 root root 430080 Apr 13 2018 secrets.tdb Does the idmap play a role here? thx, s