similar to: [bug?] idmap.ldb xidNumber attributes overlap with existing users'/groups' uidNumber/gidNumber

Hi everyone The s4 Domain Users group has xidNumber: 100 and the Linux users group has gidNumber=100. I've been mapping xidNumber <--> gidNumber for s4 posix groups I've added myself, but this causes a name collision for Domain Users. This also has implications on Linux as local users have access to the group owned stuff of Domain users. I've changed the xidNumber in

Greetings, Rowland Penny! >>> Hi Louis, It works for me >>> This appears in log.smbd on my DC when I run the same command: >>> [2015/03/30 10:15:42.442881, 3] >>> ../source3/smbd/service.c:856(make_connection_snum) >>> dc01 (ipv6:::1:43602) connect to service IPC$ initially as user NT >>> AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000013)

On 01/12/14 17:46, steve wrote: > On 01/12/14 18:25, Rowland Penny wrote: >> On 01/12/14 17:16, steve wrote: >>> On 01/12/14 18:11, Rowland Penny wrote: >>>> On 01/12/14 17:09, steve wrote: >>>>> On 01/12/14 17:31, Greg Zartman wrote: >>>>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny >>>>>> <rowlandpenny at

Hello, There recommended range in Samba4 share for BUILTIN users is usually (from Samba wiki) # Default ID mapping configuration for local BUILTIN accounts # and groups on a domain member. The default (*) domain: # - must not overlap with any domain ID mapping configuration! # - must use a read-write-enabled back end, such as tdb. idmap config * : backend = tdb idmap config * : range = 3000-7999

On 01/12/14 18:23, steve wrote: > On 01/12/14 19:11, Rowland Penny wrote: >> On 01/12/14 17:46, steve wrote: >>> On 01/12/14 18:25, Rowland Penny wrote: >>>> On 01/12/14 17:16, steve wrote: >>>>> On 01/12/14 18:11, Rowland Penny wrote: >>>>>> On 01/12/14 17:09, steve wrote: >>>>>>> On 01/12/14 17:31, Greg Zartman

On 01/12/14 19:16, steve wrote: > On 01/12/14 19:30, Rowland Penny wrote: >> On 01/12/14 18:23, steve wrote: >>> On 01/12/14 19:11, Rowland Penny wrote: >>>> On 01/12/14 17:46, steve wrote: >>>>> On 01/12/14 18:25, Rowland Penny wrote: >>>>>> On 01/12/14 17:16, steve wrote: >>>>>>> On 01/12/14 18:11, Rowland Penny

Greetings, Rowland Penny! >>>>> Hi Louis, It works for me >>>>> This appears in log.smbd on my DC when I run the same command: >>>>> [2015/03/30 10:15:42.442881, 3] >>>>> ../source3/smbd/service.c:856(make_connection_snum) >>>>> dc01 (ipv6:::1:43602) connect to service IPC$ initially as user NT >>>>>

Rowland, Thank you for the quick response. I have just run net cache flush no change in problem. I have dumped the idmap.ldp using ldbsearch -H /var/lib/samba/private/idmap.ldb > idmap.txt and did some sorting, that is how I found the duplicates. On 1/13/2017 11:09 AM, Rowland Penny via samba wrote: > samba-tool ntacl > >sysvolreset

On 01/12/14 17:16, steve wrote: > On 01/12/14 18:11, Rowland Penny wrote: >> On 01/12/14 17:09, steve wrote: >>> On 01/12/14 17:31, Greg Zartman wrote: >>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny >>>> <rowlandpenny at googlemail.com> >>>> wrote: >>>> >>>>> >>>>>> I do what windows does,

On Mon, Dec 1, 2014 at 11:39 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote: > I understand where you are coming from, I have written my own scripts to > maintain an S4 AD DC but as you say the documentation is a bit limited, so > I had to search and experiment to find out how to do things. The > documentation is getting better, but it will take time, if you have any

Greetings, Rowland Penny! <Trying to resend, sorry for possible duplicates.> > On 30/03/15 10:06, L.P.H. van Belle wrote: Please don't top-post. It make messages very hard to read. >> I think this wont work since the user connectig isnt known in the AD, >> since the user connecting is mapped to user nobody. I'm doing s simple check (anonymous listing of DC shares)

I have a brand-new install of Debian 8 without systemd and a freshly-built Samba 4 install with issues. I created this as a standalone AD DC, setup group policies, etc and then took it to the client location. Now nothing works. I keep getting "RPC server unavailable" on Windows machines and trying to list shares on the DC itself results in NT_STATUS_INVALID_SID. I am lost as there are

On 6/5/19 10:06 AM, Rowland penny via samba wrote: >> >> Now I have problems with id mapping configuration: >> >> wbinfo -u works. >> wbinfo -g works. >> getent group does not list domain users and groups. >> >> I logged into PDC and checked gidNumber for "Domain Users": >> >> [root at site-ad ~]# wbinfo --name-to-sid

Trying out 4.2.0 rc2 and winbindd. Below is the AD DC's smb.conf. Samba on the AD DC is updated from 4.1.3. I'm having trouble getting uid-/gidNumbers. Just xidNumbers are displayed. All domain account and groups have got it assigned. What did I miss? Is it possible that the outcome from the commands run on the AD DC is a product from the fact that the domains NetBIOS-name is EXAMPLE and

On Wed, 26 Oct 2016 17:27:37 -0400 Ryan Ashley via samba <samba at lists.samba.org> wrote: > I guess I should note that it seems like the high SIDs will resolve, > except for 300000. Below is an example. > > root at dc01:~# l /var/lib/samba/sysvol/medarts.lan/ > total 16 > drwxrws---+ 4 MEDARTS\reachfp 3000000 4096 Oct 17 17:45 Policies > drwxrws---+ 2 MEDARTS\reachfp

On 6/5/19 11:26 AM, Rowland penny via samba wrote: > On 05/06/2019 10:04, ?ukasz Michalski via samba wrote: >> >>>> >>>> [root at site-ad ~]# wbinfo --sid-to-gid S-1-5-21-4155694911-3186826046-1573605777-513 >>>> 985 (same as 'users' unix gid on host) >>> where did the '985' come from ? >> >> I think from there:

On 1/13/2017 3:30 PM, Rowland Penny wrote: > On Fri, 13 Jan 2017 15:20:52 -0500 > Bob Thomas <bthomas at cybernetics.com> wrote: > >> On 1/13/2017 1:45 PM, Rowland Penny wrote: >>> On Fri, 13 Jan 2017 13:30:14 -0500 >>> Bob Thomas <bthomas at cybernetics.com> wrote: >>> >>>> Rowland, >>>>>> Thank you for the quick

I have succesfully migrated our users (~3900) from our Samba 3 DC/OpenLDAP, complete with passwords. I have some 300 + groups that I'm trying to get migrated to our Samba 4 AD. I can create the groups, but it looks from the domain-member's side that groups don't work as I expect them to. - Not all groups seems to be visible by using 'getent group'. It looks like groups

I've got this on the backup DC root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516 3000000 while root at bdc:~# ldbedit -H /usr/local/samba/private/idmap.ldb objectsid=S-1-5-21-1166961617-3197558402-3341820450-516 shows correct xid 3000019 and on the primary DC I've got itk at dc:/$ wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516 3000019

> Domain Admins is mapped as ID_TYPE_BOTH in idmap.ldb on the DC, this makes Domain Admins a group and a user. I looked on a brand new test DC (with nss-winbind), and it looks like it doesn't work right with winbind: root at dc1# ls -l /var/lib/samba/sysvol/ad-test.vx/Policies/ total 16 drwxrwx---+ 4 3000004 ADTEST\domain admins 4096 Jun 13 21:41 {31B2F340-016D-11D2-945F-00C04FB984F9}