On 03.11.2019 at 09:42, Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 02/11/2019 23:18, Hilberg via samba wrote:
>> Hi
>>
>> The server suddenly changed the uid + gid. This happened two times, yesterday and the week after. The default group at example
>> The samba is an AD member where we have many users (>20 000) and we use autorid in that way
>> [global]
>> security = ads
>> workgroup = CUSTOMER
>> realm = CUSTOMER.COM
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum group = yes
>> idmap config * : backend = autorid
>> idmap config * : range = 1000000-8999999999
>>
>> OS debian 10
>> DC Microsoft
>>
>> At the moment I have two questions:
>> Why this happened and is there a way to stop the disaster?
>> Is there a quick way to repair the disaster? It infects the profile directory used with acl.
>>
>> thank you
>>
> Please do not post things like this to the samba-technical list.
>
> As I said, you cannot use 'winbind use default domain = yes' with 'autorid', it makes all users and groups members of the same domain, this is probably what has happened here.
>
> Remove the line, this should stop it happening again
>
> If you have only one domain, then you shouldn't be using autorid, you should be using rid instead, unfortunately it is probably too late now.

I have 4 trusted domains
Builtin
Hostname of Samba Server
Costumer
costumerxy

Custumer is the only primary

>
> As to how you fix your permissions, I fear this will have to be done manually, you will have to identify which folder or file belongs to which user/group.
>
> Samba does not create Unix IDs on Unix domain members, it either uses rfc2307 attributes stored in AD (if using the winbind 'ad' backend) or it calculates the ID from the AD object's SID
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

On 03/11/2019 15:06, Liste via samba wrote:
> On 03.11.2019 at 09:42, Rowland penny via samba <samba at lists.samba.org> wrote:
>> On 02/11/2019 23:18, Hilberg via samba wrote:
>>> Hi
>>>
>>> The server suddenly changed the uid + gid. This happened two times, yesterday and the week after. The default group at example
>>> The samba is an AD member where we have many users (>20 000) and we use autorid in that way
>>> [global]
>>> security = ads
>>> workgroup = CUSTOMER
>>> realm = CUSTOMER.COM
>>> winbind use default domain = yes
>>> winbind enum users = yes
>>> winbind enum group = yes
>>> idmap config * : backend = autorid
>>> idmap config * : range = 1000000-8999999999
>>>
>>> OS debian 10
>>> DC Microsoft
>>>
>>> At the moment I have two questions:
>>> Why this happened and is there a way to stop the disaster?
>>> Is there a quick way to repair the disaster? It infects the profile directory used with acl.
>>>
>>> thank you
>>>
>> Please do not post things like this to the samba-technical list.
>>
>> As I said, you cannot use 'winbind use default domain = yes' with 'autorid', it makes all users and groups members of the same domain, this is probably what has happened here.
>>
>> Remove the line, this should stop it happening again
>>
>> If you have only one domain, then you shouldn't be using autorid, you should be using rid instead, unfortunately it is probably too late now.
> I have 4 trusted domains
> Builtin
> Hostname of Samba Server
> Costumer
> costumerxy
>
> Custumer is the only primary

You can forget the first two, but because you have two domains (Costumer & costumerxy), YOU CANNOT USE 'winbind use default domain = yes' with autorid.

If you have a user COSTUMER\fred and a user COSTUMERXY\fred, whilst they are different users, they will both get mapped to CUSTOMER\fred and as the ID is calculated from the user SID, the ID may change.

Rowland

On 03.11.19 at 16:48, Rowland penny via samba wrote:
[...]
>>> If you have only one domain, then you shouldn't be using autorid, you
>>> should be using rid instead, unfortunately it is probably too late now.
>> I have 4 trusted domains
>> Builtin
>> Hostname of Samba Server
>> Costumer
>> costumerxy
>>
>> Custumer is the only primary
>
> You can forget the first two, but because you have two domains (Costumer
> & costumerxy), YOU CANNOT USE 'winbind use default domain = yes' with
> autorid.
>
> If you have a user COSTUMER\fred and a user COSTUMERXY\fred, whilst they
> are different users, they will both get mapped to CUSTOMER\fred and as
> the ID is calculated from the user SID, the ID may change.
>

Only Domain COSTUMER has fred
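
The combination Rowland warns about in the thread above can be checked for mechanically before a member server goes into production. The following is an added example, not part of the original messages and not Samba project code; the function names `parse_global` and `check_idmap` are hypothetical, and the sample input is the `[global]` section as posted.

```python
import re

# Sample input: the [global] section as posted in the thread.
POSTED_CONF = """\
[global]
security = ads
workgroup = CUSTOMER
realm = CUSTOMER.COM
winbind use default domain = yes
winbind enum users = yes
winbind enum group = yes
idmap config * : backend = autorid
idmap config * : range = 1000000-8999999999
"""

TRUE_VALUES = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict.
    Names are lower-cased with whitespace removed, since smb.conf ignores
    both. Simplification: no backslash continuations, no 'include' files."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def check_idmap(text):
    """Flag every idmap domain using autorid while default domain is on."""
    p = parse_global(text)
    default_dom = p.get("winbindusedefaultdomain", "no").lower() in TRUE_VALUES
    findings = []
    for key, value in p.items():
        m = re.fullmatch(r"idmapconfig(.+):backend", key)
        if m and value.lower() == "autorid" and default_dom:
            findings.append(f"idmap domain '{m.group(1)}': autorid used "
                            "with 'winbind use default domain = yes'")
    return findings

if __name__ == "__main__":
    for finding in check_idmap(POSTED_CONF):
        print(finding)
```

Run against the posted configuration it reports one finding for the `*` idmap domain; with the `winbind use default domain` line removed, as advised in the thread, it reports none.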