search for: 3000300

...default:group:OURDOMAIN\134proxmox$:rwx >> default:mask::rwx >> default:other::--- > > And the 'original' getfacl on both DC2/DC3 looks like this: >> user::rwx >> user:root:rwx >> user:BUILTIN\134administrators:rwx >> user:3000009:r-x >> user:3000300:rwx >> group::rwx >> group:BUILTIN\134server\040operators:r-x >> group:BUILTIN\134administrators:rwx >> group:3000009:r-x >> group:3000300:rwx >> mask::rwx >> other::--- >> default:user::rwx >> default:user:root:rwx >> default:user:BUILTIN...

Am 21.06.2016 um 10:41 schrieb lists: > Hi Achim, > > On 21-6-2016 0:01, Achim Gottinger wrote: >> Hi MJ and Rowland, >> >> I did abit of testing last week (two debian jesie servers with sernet >> 4.2 samba packages). Seems when rsync is run against rsyncd or involved >> via xinet as it is described in the wiki the user and group mapping does >> not

...> Just delete it and then close & save your editor, run 'net cache flush' > and then let Samba recreate the record. So, I did that, and output is still the same...? I re-checked idmap.ldb on dc4, and a new entry was generated for CN=S-1-5-18, but not with the expected xidNumber 3000300 (like on dc2/dc3) but 3000306. Then i searched idmap.ldb on dc4 for xidNumber 3000300, and it already exists for a record: > # record 295 > dn: CN=S-1-5-21-90123450-981238634-861235949-133256 > cn: S-1-5-21-90123450-981238634-861235949-133256 > objectClass: sidMap > objectSid: S-...

...DCs, then open 'idmap.ldb' on each DC with ldbedit > and check that the unmapped ones are mapped to the same windows RIDs, > which should be CN=S-1-5-18 and CN=S-1-5-11 So, they are the same on DC2 and DC3, but the xid for CN=S-1-5-18 is different on DC4 (DC4 is 3000024, compared to 3000300 on the DC2/DC3) Also getfacl /var/lib/samba/sysvol looks very different on DC4: > root at dc4:~# getfacl /var/lib/samba/sysvol/ > getfacl: Removing leading '/' from absolute path names > # file: var/lib/samba/sysvol/ > # owner: root > # group: BUILTIN\134administrators >...

On 6/21/2016 7:09 AM, lists wrote: > Hi Achim, > >> Looks like on DC4 3000300 is mapped to an computer account for >> "proxmox". >> >> On DC2/DC32 3000009 should map to S-1-5-18 (Local System) and 3000300 >> S-1-5-11 (Autheticated Users). >> These are both Security groups which do not resolv via winbindd so they >> can not be ma...

...ILTIN\134server\040operators:r-x > default:group:OURDOMAIN\134proxmox$:rwx > default:mask::rwx > default:other::--- And the 'original' getfacl on both DC2/DC3 looks like this: > user::rwx > user:root:rwx > user:BUILTIN\134administrators:rwx > user:3000009:r-x > user:3000300:rwx > group::rwx > group:BUILTIN\134server\040operators:r-x > group:BUILTIN\134administrators:rwx > group:3000009:r-x > group:3000300:rwx > mask::rwx > other::--- > default:user::rwx > default:user:root:rwx > default:user:BUILTIN\134administrators:rwx > default:user...

...n close & save your editor, run 'net cache flush' >> and then let Samba recreate the record. > > So, I did that, and output is still the same...? > > I re-checked idmap.ldb on dc4, and a new entry was generated for > CN=S-1-5-18, but not with the expected xidNumber 3000300 (like on > dc2/dc3) but 3000306. > > Then i searched idmap.ldb on dc4 for xidNumber 3000300, and it already > exists for a record: > >> # record 295 >> dn: CN=S-1-5-21-90123450-981238634-861235949-133256 >> cn: S-1-5-21-90123450-981238634-861235949-133256 >>...

...39;idmap.ldb' on each DC with ldbedit >> and check that the unmapped ones are mapped to the same windows RIDs, >> which should be CN=S-1-5-18 and CN=S-1-5-11 > So, they are the same on DC2 and DC3, but the xid for CN=S-1-5-18 is > different on DC4 (DC4 is 3000024, compared to 3000300 on the DC2/DC3) > > Also getfacl /var/lib/samba/sysvol looks very different on DC4: >> root at dc4:~# getfacl /var/lib/samba/sysvol/ >> getfacl: Removing leading '/' from absolute path names >> # file: var/lib/samba/sysvol/ >> # owner: root >> # group: BU...

...; on each DC with ldbedit >>> and check that the unmapped ones are mapped to the same windows RIDs, >>> which should be CN=S-1-5-18 and CN=S-1-5-11 >> So, they are the same on DC2 and DC3, but the xid for CN=S-1-5-18 is >> different on DC4 (DC4 is 3000024, compared to 3000300 on the DC2/DC3) >> >> Also getfacl /var/lib/samba/sysvol looks very different on DC4: >>> root at dc4:~# getfacl /var/lib/samba/sysvol/ >>> getfacl: Removing leading '/' from absolute path names >>> # file: var/lib/samba/sysvol/ >>> # owner: r...

Hi all, Following this thread with interest, as we are also having some issues with GPO (they work on and off, unpredictably) We checked iddap.ldb on the DCs and noticed differences between DCs. We would like to ask some questions: On 10-6-2016 9:26, Rowland penny wrote: > Well, it is and it isn't, yes winbindd will display the user & group > names for sysvol, but sysvol still