similar to: Change default samba 4.1. ACL behaviour

I use samba 4.1 as dc with acl. I have user with uid 3000023. However, I don't have group with guid 3000023. However, when this user creates a folder samba in acl list creates permissions for group 3000023 and as result I have broken link. How to fix it? -- Alex Sviridov

On 2015-11-16 at 11:14 +0000, Rowland Penny wrote: > On 16/11/15 10:11, Alex Sviridov wrote: > > I use samba 4.1 as dc with acl. I have user with uid 3000023. However, I don't have group with guid 3000023. However, when this user creates a folder samba in acl list creates permissions for group 3000023 and as result I have broken link. How to fix it? > > > > > > Hi,

I have a brand-new install of Debian 8 without systemd and a freshly-built Samba 4 install with issues. I created this as a standalone AD DC, setup group policies, etc and then took it to the client location. Now nothing works. I keep getting "RPC server unavailable" on Windows machines and trying to list shares on the DC itself results in NT_STATUS_INVALID_SID. I am lost as there are

On 2015-11-16 at 12:57 +0000, Rowland Penny wrote: > On 16/11/15 12:53, Michael Adam wrote: > >On 2015-11-16 at 11:14 +0000, Rowland Penny wrote: > >>On 16/11/15 10:11, Alex Sviridov wrote: > >>> I use samba 4.1 as dc with acl. I have user with uid 3000023. However, I don't have group with guid 3000023. However, when this user creates a folder samba in acl list

On Wed, 26 Oct 2016 17:27:37 -0400 Ryan Ashley via samba <samba at lists.samba.org> wrote: > I guess I should note that it seems like the high SIDs will resolve, > except for 300000. Below is an example. > > root at dc01:~# l /var/lib/samba/sysvol/medarts.lan/ > total 16 > drwxrws---+ 4 MEDARTS\reachfp 3000000 4096 Oct 17 17:45 Policies > drwxrws---+ 2 MEDARTS\reachfp

On 25.02.2019 10:20, Rowland Penny via samba wrote: > On Mon, 25 Feb 2019 09:24:24 +0100 > Viktor Trojanovic via samba <samba at lists.samba.org> wrote: > > > >>>> I'm confused.. how is the choice of the idmap backend related to an >>>> AD DC use case? >>> Only in the case of wanting the same ID everywhere. >> In my understanding, the

:-| ls -lnd /opt/samba/var/locks/sysvol drwxrwx---+ 3 0 3000000 4096 Jun 16 13:56 /opt/samba/var/locks/sysvol Em 16-06-2017 13:38, Rowland Penny via samba escreveu: > On Fri, 16 Jun 2017 13:15:19 -0300 > "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote: > >> OK, sorry, uncomment a line :-D >> >> Yes exist! >> >> ls -ld

On Thu, 14 Jun 2018 16:03:35 -0400 Mark Foley via samba <samba at lists.samba.org> wrote: > Nevertheless, 'ls' does give names though I don't seem to have either > libnss-winbind or libpam-winbind files on my AD/DC. I keep forgetting that you use slackware, I suppose it uses something different, but do you have any file like: libnss_winbind.so.2 > > Circling back

Am 18.09.19 um 16:17 schrieb Rowland penny: > On 18/09/2019 03:41, Simeon Peter via samba wrote: >> I would remove any uidNumber & gidNumber attributes from the >> following users (if set): >>> administrator >>> guest >>> krbtgt >> Administrator has a uidNumber since long time and owns some files. >> Are there disadvantages if I leave his

Thanks, Rowland , 'net cache flush' solved my problem. but I found that I can't access any share in \\myshare. some related configurations in my smb,conf .... access based share enum = yes hide unreadable = yes username map = /etc/samba/user.map I can't see any share folder of my fileserver in fsmgmt.msc. and I run "smbstatus -b" PID Username Group

Rowland, no domain user can authenticate on any system and running sysvolreset followed by sysvolcheck results in a crash. If the sysvol permissions are correct, sysvolcheck does not crash. If I attempt to join a NAS or workstation to the domain I get NT_STATUS_INVALID_SID. Researching these symptoms turns up a thread about a corrupt idmap.ldb where a group SID and user SID may be the same or

Hi again, Am Dienstag, 2. Februar 2016, 12:09:59 CET schrieb Rowland penny: > On 02/02/16 11:26, Markus Dellermann wrote: > > Am Dienstag, 2. Februar 2016, 09:51:03 CET schrieb Rowland penny: > >> On 01/02/16 22:24, Markus Dellermann wrote: [....] > Ok, there are two schools of thought here, you can give Administrator a > uidNumber attribute, but this, as far as Unix is

On Thu, 14 Jun 2018 20:10:03 -0400 Mark Foley via samba <samba at lists.samba.org> wrote: > On Thu, 14 Jun 2018 21:37:58 +0100 Rowland Penny wrote: > > > > On Thu, 14 Jun 2018 16:03:35 -0400 > > Mark Foley via samba <samba at lists.samba.org> wrote: > > > > > Nevertheless, 'ls' does give names though I don't seem to have > > >

On 16/11/15 12:53, Michael Adam wrote: > On 2015-11-16 at 11:14 +0000, Rowland Penny wrote: >> On 16/11/15 10:11, Alex Sviridov wrote: >>> I use samba 4.1 as dc with acl. I have user with uid 3000023. However, I don't have group with guid 3000023. However, when this user creates a folder samba in acl list creates permissions for group 3000023 and as result I have broken

On 16/11/15 13:28, Michael Adam wrote: > On 2015-11-16 at 12:57 +0000, Rowland Penny wrote: >> On 16/11/15 12:53, Michael Adam wrote: >>> On 2015-11-16 at 11:14 +0000, Rowland Penny wrote: >>>> On 16/11/15 10:11, Alex Sviridov wrote: >>>>> I use samba 4.1 as dc with acl. I have user with uid 3000023. However, I don't have group with guid 3000023.

At the moment if Samba4 acts as DC (domain controller) it doesn' t support neighborhood browsing, that is computers in a local group are not visible in network neighborhood. I have not been remaining think about working of the functionality. And have found this one: http://forge.univention.org/bugzilla/show_bug.cgi?id=30132 I am not a programmer but may be it will be useful for easier and

Rowland, Thank you for the quick response. I have just run net cache flush no change in problem. I have dumped the idmap.ldp using ldbsearch -H /var/lib/samba/private/idmap.ldb > idmap.txt and did some sorting, that is how I found the duplicates. On 1/13/2017 11:09 AM, Rowland Penny via samba wrote: > samba-tool ntacl > >sysvolreset

I forgot about ldbsearch. Here is a dump of xid numbers. root at dc01:~# ldbsearch -H /var/lib/samba/private/idmap.ldb | grep xidNumber xidNumber: 3000028 xidNumber: 3000013 xidNumber: 3000033 xidNumber: 3000003 xidNumber: 3000032 xidNumber: 3000023 xidNumber: 3000019 xidNumber: 3000010 xidNumber: 65534 xidNumber: 3000031 xidNumber: 3000022 xidNumber: 3000026 xidNumber: 3000017 xidNumber: 3000027

On Sun, Oct 25, 2020 at 2:38 PM Rowland penny via samba <samba at lists.samba.org> wrote: > So '5035' is a computer, but what is '3000011' ? > You can find out by running this on the DC: > ldbsearch -H /path/to/idmap.ldb '(&(objectClass=sidMap)(xidNumber=3000011))' =================================== # ldbsearch -H /usr/local/samba/private/idmap.ldb

Thank you very much for clarifying the ID mapping "magic";) > You do not need 'posixgroup', it is an auxiliary objectclass of group, you can add any of the rfc2307 attributes without it. Well, is there any option to remove it? Because "posixgroup" is on every group that was migrated from Samba 3. And I cannot edit this attribute in ADUC (delete button is grayed).