Re: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!???
Hi, I'm sure this is not the correct behaviour. It used to work in samba 3.3 using the primary group set on the unix attributes tab. Of course this group has a GID, otherwise it wouldn't be visible. -Original Message- From: Andrew Lyon [mailto:andrew.l...@gmail.com] Sent: Sonntag, 24. Oktober 2010 17:20 To: Oliver Weinmann Cc: samba@lists.samba.org Subject: Re: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!??? On Sun, Oct 24, 2010 at 2:46 PM, Andrew Lyon wrote: >> -Original Message- >> From: Andrew Lyon [mailto:andrew.l...@gmail.com] >> Sent: Freitag, 22. Oktober 2010 11:50 >> To: Oliver Weinmann >> Cc: samba@lists.samba.org >> Subject: Re: [Samba] Samba-winbind 3.5.4 primary group is always >> domainusers!!!??? >> >> On Wed, Oct 20, 2010 at 12:36 PM, Oliver Weinmann >> wrote: >>> Hi, >>> >>> Any news regarding this problem? I have testet samba 3.5.6 and the >>> problem still persists. I had to downgrade to 3.3 on a few machines now. >>> >>> Regards, >>> Oliver >>> >>> -Original Message- >>> From: samba-boun...@lists.samba.org >>> [mailto:samba-boun...@lists.samba.org] On Behalf Of Oliver Weinmann >>> Sent: Donnerstag, 9. September 2010 13:13 >>> To: samba@lists.samba.org >>> Subject: [Samba] Samba-winbind 3.5.4 primary group is always >>> domainusers!!!??? >>> >>> Dear All, >>> >>> I stepped over a strange issue today. I have one installation of >>> samba winbind 3.3.2 on a Ubuntu machine. Changing the primary unix >>> group of a user is updated immediately. On a newer samba 3.5.4 >>> installation the primary group is not updated at all. It always displays >>> "domain users". >>> Is there a new setting for the smb.conf? Here is my smb.conf: >>> >>> [global] >>> netbios name = gedail1 >>> realm = SOMEDOMAIN.NET >>> workgroup = SOMEDOMAIN >>> security = ADS >>> encrypt passwords = true >>> password server = server1.somedomain.net >>> server2.somedomain.net >>> os level = 20 >>> idmap backend = ad >>> idmap config SOMEDOMAIN : backend = ad >>> idmap config SOMEDOMAIN : schema_mode = sfu >>> idmap config SOMEDOMAIN : range = 0- >>> winbind nss info = sfu >>> winbind enum users = yes >>> winbind enum groups = yes >>> preferred master = no >>> winbind nested groups = Yes >>> winbind use default domain = Yes >>> max log size = 50 >>> log level = 10 >>> log file = /var/log/samba/log.%m >>> dns proxy = no >>> wins server = 172.20.200.18 172.18.200.20 >>> allow trusted domains = no >>> client use spnego = Yes >>> use kerberos keytab = true >>> winbind refresh tickets = yes >>> idmap cache time = 1 >>> winbind cache time = 1 >>> >>> It's a W2k3 AD Domain. >>> >>> Regards, >>> Oliver >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >>> >>> __ This email has been scanned by the MessageLabs Email Security >>> System. >>> For more information please visit http://www.messagelabs.com/email >>> >>> __ >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >> >> I've noticed the same with samba 3.5.6, our administrator user has primary >> group name/gid Domain Admins but the primary group on our linux systems is >> domain users. >> >> I've noticed that searching AD for users with rfc2307/sfu attributes shows >> the correct gid: >> >> net ads search '(|(uidNumber=*)(gidNumber=*))' objectCategory >> sAMAccountName uidNumber gidNumber -P >> >> sAMAccountName: Domain Users >> objectCategory: >> CN=Group,CN=Schema,CN=Configuration,DC=josims,DC=local >> gidNumber: 1 >> >> sAMAccountName: test >> objectCategory: >> CN=Person,CN=Schema,CN=Configuration,DC=josim
Re: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!???
On Sun, Oct 24, 2010 at 2:46 PM, Andrew Lyon wrote: >> -Original Message- >> From: Andrew Lyon [mailto:andrew.l...@gmail.com] >> Sent: Freitag, 22. Oktober 2010 11:50 >> To: Oliver Weinmann >> Cc: samba@lists.samba.org >> Subject: Re: [Samba] Samba-winbind 3.5.4 primary group is always >> domainusers!!!??? >> >> On Wed, Oct 20, 2010 at 12:36 PM, Oliver Weinmann >> wrote: >>> Hi, >>> >>> Any news regarding this problem? I have testet samba 3.5.6 and the >>> problem still persists. I had to downgrade to 3.3 on a few machines now. >>> >>> Regards, >>> Oliver >>> >>> -Original Message- >>> From: samba-boun...@lists.samba.org >>> [mailto:samba-boun...@lists.samba.org] On Behalf Of Oliver Weinmann >>> Sent: Donnerstag, 9. September 2010 13:13 >>> To: samba@lists.samba.org >>> Subject: [Samba] Samba-winbind 3.5.4 primary group is always >>> domainusers!!!??? >>> >>> Dear All, >>> >>> I stepped over a strange issue today. I have one installation of samba >>> winbind 3.3.2 on a Ubuntu machine. Changing the primary unix group of >>> a user is updated immediately. On a newer samba 3.5.4 installation the >>> primary group is not updated at all. It always displays "domain users". >>> Is there a new setting for the smb.conf? Here is my smb.conf: >>> >>> [global] >>> netbios name = gedail1 >>> realm = SOMEDOMAIN.NET >>> workgroup = SOMEDOMAIN >>> security = ADS >>> encrypt passwords = true >>> password server = server1.somedomain.net server2.somedomain.net >>> os level = 20 >>> idmap backend = ad >>> idmap config SOMEDOMAIN : backend = ad >>> idmap config SOMEDOMAIN : schema_mode = sfu >>> idmap config SOMEDOMAIN : range = 0- >>> winbind nss info = sfu >>> winbind enum users = yes >>> winbind enum groups = yes >>> preferred master = no >>> winbind nested groups = Yes >>> winbind use default domain = Yes >>> max log size = 50 >>> log level = 10 >>> log file = /var/log/samba/log.%m >>> dns proxy = no >>> wins server = 172.20.200.18 172.18.200.20 >>> allow trusted domains = no >>> client use spnego = Yes >>> use kerberos keytab = true >>> winbind refresh tickets = yes >>> idmap cache time = 1 >>> winbind cache time = 1 >>> >>> It's a W2k3 AD Domain. >>> >>> Regards, >>> Oliver >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >>> __ >>> This email has been scanned by the MessageLabs Email Security System. >>> For more information please visit http://www.messagelabs.com/email >>> __ >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >> >> I've noticed the same with samba 3.5.6, our administrator user has primary >> group name/gid Domain Admins but the primary group on our linux systems is >> domain users. >> >> I've noticed that searching AD for users with rfc2307/sfu attributes shows >> the correct gid: >> >> net ads search '(|(uidNumber=*)(gidNumber=*))' objectCategory sAMAccountName >> uidNumber gidNumber -P >> >> sAMAccountName: Domain Users >> objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=josims,DC=local >> gidNumber: 1 >> >> sAMAccountName: test >> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=josims,DC=local >> uidNumber: 10009 >> gidNumber: 10010 >> >> The gid returned is correct, and if I change it and remove the cache file it >> updates, so it is definitely being read from AD, but all users have gid >> domain users: >> >> wbinfo -i test >> test:*:10009:1:test:/home/test:/bin/bash >> >> Andy >> >> __ >> This email has been scanned by the MessageLabs Email Security System. >
Re: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!???
> -Original Message- > From: Andrew Lyon [mailto:andrew.l...@gmail.com] > Sent: Freitag, 22. Oktober 2010 11:50 > To: Oliver Weinmann > Cc: samba@lists.samba.org > Subject: Re: [Samba] Samba-winbind 3.5.4 primary group is always > domainusers!!!??? > > On Wed, Oct 20, 2010 at 12:36 PM, Oliver Weinmann > wrote: >> Hi, >> >> Any news regarding this problem? I have testet samba 3.5.6 and the >> problem still persists. I had to downgrade to 3.3 on a few machines now. >> >> Regards, >> Oliver >> >> -Original Message- >> From: samba-boun...@lists.samba.org >> [mailto:samba-boun...@lists.samba.org] On Behalf Of Oliver Weinmann >> Sent: Donnerstag, 9. September 2010 13:13 >> To: samba@lists.samba.org >> Subject: [Samba] Samba-winbind 3.5.4 primary group is always >> domainusers!!!??? >> >> Dear All, >> >> I stepped over a strange issue today. I have one installation of samba >> winbind 3.3.2 on a Ubuntu machine. Changing the primary unix group of >> a user is updated immediately. On a newer samba 3.5.4 installation the >> primary group is not updated at all. It always displays "domain users". >> Is there a new setting for the smb.conf? Here is my smb.conf: >> >> [global] >> netbios name = gedail1 >> realm = SOMEDOMAIN.NET >> workgroup = SOMEDOMAIN >> security = ADS >> encrypt passwords = true >> password server = server1.somedomain.net server2.somedomain.net >> os level = 20 >> idmap backend = ad >> idmap config SOMEDOMAIN : backend = ad >> idmap config SOMEDOMAIN : schema_mode = sfu >> idmap config SOMEDOMAIN : range = 0- >> winbind nss info = sfu >> winbind enum users = yes >> winbind enum groups = yes >> preferred master = no >> winbind nested groups = Yes >> winbind use default domain = Yes >> max log size = 50 >> log level = 10 >> log file = /var/log/samba/log.%m >> dns proxy = no >> wins server = 172.20.200.18 172.18.200.20 >> allow trusted domains = no >> client use spnego = Yes >> use kerberos keytab = true >> winbind refresh tickets = yes >> idmap cache time = 1 >> winbind cache time = 1 >> >> It's a W2k3 AD Domain. >> >> Regards, >> Oliver >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> __ >> This email has been scanned by the MessageLabs Email Security System. >> For more information please visit http://www.messagelabs.com/email >> __ >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > I've noticed the same with samba 3.5.6, our administrator user has primary > group name/gid Domain Admins but the primary group on our linux systems is > domain users. > > I've noticed that searching AD for users with rfc2307/sfu attributes shows > the correct gid: > > net ads search '(|(uidNumber=*)(gidNumber=*))' objectCategory sAMAccountName > uidNumber gidNumber -P > > sAMAccountName: Domain Users > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=josims,DC=local > gidNumber: 1 > > sAMAccountName: test > objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=josims,DC=local > uidNumber: 10009 > gidNumber: 10010 > > The gid returned is correct, and if I change it and remove the cache file it > updates, so it is definitely being read from AD, but all users have gid > domain users: > > wbinfo -i test > test:*:10009:1:test:/home/test:/bin/bash > > Andy > > __ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > __ > On Fri, Oct 22, 2010 at 10:55 AM, Oliver Weinmann wrote: >> Good to know that I'm not the only one facing this serious problem. I would >> really like to know why this is not the case under >>samba 3.3. Currently I >> have stopped upgrading from 3.3 to 3.5.x because this problem is generating >> a lot of tro
Re: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!???
Good to know that I'm not the only one facing this serious problem. I would really like to know why this is not the case under samba 3.3. Currently I have stopped upgrading from 3.3 to 3.5.x because this problem is generating a lot of trouble for us when users of different projects create files and they are read/write for all members of domain users. The only way around this is to use the SGID on the folder to inherit the project group. -Original Message- From: Andrew Lyon [mailto:andrew.l...@gmail.com] Sent: Freitag, 22. Oktober 2010 11:50 To: Oliver Weinmann Cc: samba@lists.samba.org Subject: Re: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!??? On Wed, Oct 20, 2010 at 12:36 PM, Oliver Weinmann wrote: > Hi, > > Any news regarding this problem? I have testet samba 3.5.6 and the > problem still persists. I had to downgrade to 3.3 on a few machines now. > > Regards, > Oliver > > -Original Message- > From: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] On Behalf Of Oliver Weinmann > Sent: Donnerstag, 9. September 2010 13:13 > To: samba@lists.samba.org > Subject: [Samba] Samba-winbind 3.5.4 primary group is always > domainusers!!!??? > > Dear All, > > I stepped over a strange issue today. I have one installation of samba > winbind 3.3.2 on a Ubuntu machine. Changing the primary unix group of > a user is updated immediately. On a newer samba 3.5.4 installation the > primary group is not updated at all. It always displays "domain users". > Is there a new setting for the smb.conf? Here is my smb.conf: > > [global] > netbios name = gedail1 > realm = SOMEDOMAIN.NET > workgroup = SOMEDOMAIN > security = ADS > encrypt passwords = true > password server = server1.somedomain.net server2.somedomain.net > os level = 20 > idmap backend = ad > idmap config SOMEDOMAIN : backend = ad > idmap config SOMEDOMAIN : schema_mode = sfu > idmap config SOMEDOMAIN : range = 0- > winbind nss info = sfu > winbind enum users = yes > winbind enum groups = yes > preferred master = no > winbind nested groups = Yes > winbind use default domain = Yes > max log size = 50 > log level = 10 > log file = /var/log/samba/log.%m > dns proxy = no > wins server = 172.20.200.18 172.18.200.20 > allow trusted domains = no > client use spnego = Yes > use kerberos keytab = true > winbind refresh tickets = yes > idmap cache time = 1 > winbind cache time = 1 > > It's a W2k3 AD Domain. > > Regards, > Oliver > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > __ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > __ > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > I've noticed the same with samba 3.5.6, our administrator user has primary group name/gid Domain Admins but the primary group on our linux systems is domain users. I've noticed that searching AD for users with rfc2307/sfu attributes shows the correct gid: net ads search '(|(uidNumber=*)(gidNumber=*))' objectCategory sAMAccountName uidNumber gidNumber -P sAMAccountName: Domain Users objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=josims,DC=local gidNumber: 1 sAMAccountName: test objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=josims,DC=local uidNumber: 10009 gidNumber: 10010 The gid returned is correct, and if I change it and remove the cache file it updates, so it is definitely being read from AD, but all users have gid domain users: wbinfo -i test test:*:10009:1:test:/home/test:/bin/bash Andy __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!???
On Wed, Oct 20, 2010 at 12:36 PM, Oliver Weinmann wrote: > Hi, > > Any news regarding this problem? I have testet samba 3.5.6 and the > problem still persists. I had to downgrade to 3.3 on a few machines now. > > Regards, > Oliver > > -Original Message- > From: samba-boun...@lists.samba.org > [mailto:samba-boun...@lists.samba.org] On Behalf Of Oliver Weinmann > Sent: Donnerstag, 9. September 2010 13:13 > To: samba@lists.samba.org > Subject: [Samba] Samba-winbind 3.5.4 primary group is always > domainusers!!!??? > > Dear All, > > I stepped over a strange issue today. I have one installation of samba > winbind 3.3.2 on a Ubuntu machine. Changing the primary unix group of a > user is updated immediately. On a newer samba 3.5.4 installation the > primary group is not updated at all. It always displays "domain users". > Is there a new setting for the smb.conf? Here is my smb.conf: > > [global] > netbios name = gedail1 > realm = SOMEDOMAIN.NET > workgroup = SOMEDOMAIN > security = ADS > encrypt passwords = true > password server = server1.somedomain.net server2.somedomain.net > os level = 20 > idmap backend = ad > idmap config SOMEDOMAIN : backend = ad > idmap config SOMEDOMAIN : schema_mode = sfu > idmap config SOMEDOMAIN : range = 0- > winbind nss info = sfu > winbind enum users = yes > winbind enum groups = yes > preferred master = no > winbind nested groups = Yes > winbind use default domain = Yes > max log size = 50 > log level = 10 > log file = /var/log/samba/log.%m > dns proxy = no > wins server = 172.20.200.18 172.18.200.20 > allow trusted domains = no > client use spnego = Yes > use kerberos keytab = true > winbind refresh tickets = yes > idmap cache time = 1 > winbind cache time = 1 > > It's a W2k3 AD Domain. > > Regards, > Oliver > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > __ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > __ > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > I've noticed the same with samba 3.5.6, our administrator user has primary group name/gid Domain Admins but the primary group on our linux systems is domain users. I've noticed that searching AD for users with rfc2307/sfu attributes shows the correct gid: net ads search '(|(uidNumber=*)(gidNumber=*))' objectCategory sAMAccountName uidNumber gidNumber -P sAMAccountName: Domain Users objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=josims,DC=local gidNumber: 1 sAMAccountName: test objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=josims,DC=local uidNumber: 10009 gidNumber: 10010 The gid returned is correct, and if I change it and remove the cache file it updates, so it is definitely being read from AD, but all users have gid domain users: wbinfo -i test test:*:10009:1:test:/home/test:/bin/bash Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!???
Hi, Any news regarding this problem? I have testet samba 3.5.6 and the problem still persists. I had to downgrade to 3.3 on a few machines now. Regards, Oliver -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Oliver Weinmann Sent: Donnerstag, 9. September 2010 13:13 To: samba@lists.samba.org Subject: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!??? Dear All, I stepped over a strange issue today. I have one installation of samba winbind 3.3.2 on a Ubuntu machine. Changing the primary unix group of a user is updated immediately. On a newer samba 3.5.4 installation the primary group is not updated at all. It always displays "domain users". Is there a new setting for the smb.conf? Here is my smb.conf: [global] netbios name = gedail1 realm = SOMEDOMAIN.NET workgroup = SOMEDOMAIN security = ADS encrypt passwords = true password server = server1.somedomain.net server2.somedomain.net os level = 20 idmap backend = ad idmap config SOMEDOMAIN : backend = ad idmap config SOMEDOMAIN : schema_mode = sfu idmap config SOMEDOMAIN : range = 0- winbind nss info = sfu winbind enum users = yes winbind enum groups = yes preferred master = no winbind nested groups = Yes winbind use default domain = Yes max log size = 50 log level = 10 log file = /var/log/samba/log.%m dns proxy = no wins server = 172.20.200.18 172.18.200.20 allow trusted domains = no client use spnego = Yes use kerberos keytab = true winbind refresh tickets = yes idmap cache time = 1 winbind cache time = 1 It's a W2k3 AD Domain. Regards, Oliver -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba