Web lists-archives.com

Re: [Samba] [SOLVED] samba 4 joining samba 3 pdc - group mismatch




On Thu, 3 May 2018 20:04:59 +0100
Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On Thu, 3 May 2018 15:55:47 -0300
> "Ethy H. Brito" <ethy.brito@xxxxxxxxxxxx> wrote:
> 
> > On Thu, 3 May 2018 19:18:45 +0100
> > Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >   
> > > On Thu, 3 May 2018 14:59:18 -0300
> > > "Ethy H. Brito via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> > >   
> > > > I run the pdbedit command.
> > > > I got a lage amount of users (and groups). 
> > > > The admin of the S3 server deleted (userdel) 75 users and these
> > > > are still listed by pdbedit. How do I get rid os them??
> > > > 
> > > > I think you may be mistaken (or I did not fully understood your
> > > > affirmation). These "no such user" users were deleted from Linux
> > > > with "userdel -r"  and are ghosts in Samba.
> > > > I just tried to remove them (smbpasswd -x) them but got "Failed to
> > > > delete entry for user XXXX"
> > > > How do I get rid of these ghosts?    
> > > 
> > > The OS stores users in /etc/passwd and userdel removes these, but
> > > there are also Samba users and you need to run 'smbpasswd -x
> > > username' to remove these.  
> > 
> > You may missed my comment above. I did try 'smbpasswd -x <USERNAME>'.
> > I get "Failed to delete entry for user <USERNAME>".


I managed to delete all ghosts with "pdbedit -x -u USERNAME"


> >   
> > >   
> > > > > what is your rsync command ?    
> > > > 
> > > > for i in D1 D2 D3 D4 ; do 
> > > >         echo
> > > >         echo "SYNC'ing $i";
> > > >         echo
> > > >         /usr/bin/rsync -av S3:/var/samba/$i /home; 
> > > > done
> > > > 
> > > >     
> > > > > I ask this because if I rsync a file from my pc (rowland,
> > > > > 10000, ad backend) to a another pc (rowland, 11107, rid
> > > > > backend), ls -la shows the owner as 'rowland'    

About that, what I said earlier is wrong.
Correcting myself: when using -g option (forced when -a is given) rsync reads the
ownerships *by names* and preserve those names at the destination machine but,
as said at the manpage, it "may fall back to using the ID number in some
circumstances".

So, yes. If correctly issued the "net groupmap" command will give all tools
rsync needs to make its job correctly.

Now I have all files and directories with same permissions and ownership as the
source.

> > 
> > jgarcia is given NT_STATUS_ACCESS_DENIED.
> > If I change "valid users" to "@G1 jgarcia" *or* create a (local to
> > S4) G1 group the logs in.
> > 
> > How to debug this error?
> >   
> It isn't actually an error, the group 'G1' is a local group and as such
> is unknown to S4. You will need to create a group in samba on S3, map
> this to 'G1'. The mapped group should then become usable on S4.
> 

As I said above "net groupmap" did the trick. 

Thanks to you Mr. Rowland!

Issue seems solved.

Ethy

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba