Web lists-archives.com

Re: [Samba] Domain Users group with multiple gid




On Sun, 8 Apr 2018 13:22:28 +0100
Clemente Aguiar via samba <samba@xxxxxxxxxxxxxxx> wrote:

> The samba was created by Zentyal system (http://www.zentyal.org).
> 
> Here is smb.conf:
> 
> [global]
>      workgroup = arditi
>      realm = ARDITI.PT
>      netbios name = hera
>      server string = Zentyal Server
>      server role = dc
>      server role check:inhibit = yes
>      server services = -dns
>      server signing = auto
>      dsdb:schema update allowed = yes
>      ldap server require strong auth = no
>      drs:max object sync = 1200
> 
>      idmap_ldb:use rfc2307 = yes
> 
>      winbind enum users = yes
>      winbind enum groups = yes
>      template shell = /bin/bash
>      template homedir = /home/%U
> 
>      interfaces = lo,eth0
>      bind interfaces only = yes
> 
>      map to guest = Bad User
> 
>      log level = 3
>      log file = /var/log/samba/samba.log
>      max log size = 100000
> 
>      include = /etc/samba/shares.conf
> 
> [netlogon]
>      path = /var/lib/samba/sysvol/arditi.pt/scripts
>      browseable = no
>      read only = yes
> 
> [sysvol]
>      path = /var/lib/samba/sysvol
>      read only = no

It is running as an AD DC and the IDs you showed are not in the
'3000000' range, so this means one of two things, either idmap.ldb has
been messed with (not recommended) or the users and groups have been
given uidNumber and gidNumber attributes (with very low numbers, again
not recommended).
I think it is more likely to be the later and if so, there is a bug for
this: https://bugzilla.samba.org/show_bug.cgi?id=13054#

Rowland 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba