Web lists-archives.com

Re: [Samba] Uidnumbers strange behaviour on DC




On Wed, 3 Oct 2018 13:33:08 +0100
Carlos Jesus via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Dear all,
> I have a problem with our samba installation and really need your
> input since I'm running out of ideas.
> Short story:
> UidNumbers on a DC have a strange behaviour
> Longer Story:
> 1) Self compiled samba ad-dc now on V4.8.5 (recently and painlessly
> upgraded from 4.6.14) +bind9 +dhcp on debian stretch mostly managed
> through RSAT
> 2) 2 DC's + 3 linux (debian/ubuntu) +20ish win10 clients configured
> according to  (a hopefully correct) extensive reading of the wiki
> 3) One of the DC's is a file server (yeah... I know...; working on
> solving this soon and actually this is why I noticed this issue)
> 4) The issue:
> 4a) On DC1: wbinfo --user-info=cmachado
> EUROHIDRA\cmachado:*:3000154:10001::/home/EUROHIDRA/cmachado:/bin/false
> 4b) on DC2: wbinfo --user-info=cmachado
> EUROHIDRA\cmachado:*:10014:10001::/home/EUROHIDRA/cmachado:/bin/false
> 4c) On DC1:  wbinfo --uid-info=10014
> EUROHIDRA\cmachado:*:3000154:10001::/home/EUROHIDRA/cmachado:/bin/false
> 4d) On DC1:  wbinfo --uid-info=3000154
> EUROHIDRA\cmachado:*:3000154:10001::/home/EUROHIDRA/cmachado:/bin/false
> 4e) on RSAT Uidnumber: 10014
> 5) Now, if I do a net cache flush on DC1, I get:  wbinfo
> --user-info=cmachado
> EUROHIDRA\cmachado:*:10014:10001::/home/EUROHIDRA/cmachado:/bin/false
> 5a) After a samba restart, the "odd" Uidnumbers" return
> 6) This happens only for 3 (out of 20ish) users

This is a known problem.
Obtain the objectSID for the relevant users.
Open 'idmap.ldb' with ldbedit.
Search for the objectSid's you obtained above and delete the entire
object for each one.
Close and save 'idmap.ldb'
run 'net cache flush' 

> [global]
>         realm = EUROHIDRA.LOCAL
>         workgroup = EUROHIDRA
>         netbios name = XXXXXXXX
>         interfaces = lo br0
>         bind interfaces only = Yes
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         log level = 2
>         log file = /var/log/samba/samba.log
>         username map = /usr/local/samba/etc/user.map
>         services -dns
>         dedicated keytab file = /etc/krb5.keytab
>         kerberos method = secrets and keytab
>         winbind refresh tickets = Yes
> 
>         load printers = no
>         printing = bsd
>         printcap name = /dev/null
>         disable spoolss = yes
> 

Make both DC's smb.conf look like the above, change 'XXXXXXXX' to the
correct hostname.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba