
[Samba] losing AD user & group information

From: Mike Rambo <mrambo_at_nospam>
Date: Thu May 06 2010 - 14:32:04 GMT
To: Samba List <samba@lists.samba.org>

Hello,

A few weeks ago we started joining some remote servers to our AD domain
as member servers. Several times now we have come back to them and found
ownership settings missing like the following.

[root@franks-dc1 opt]# ll
total 72
drwxrws---+ 3 14505 10013 4096 Nov 28 2006 appinstalls
drwxrws---+ 2 14505 10010 4096 Aug 3 2004 bldgshrs
drwxrwsr-x+ 2 14505 10011 4096 Aug 3 2004 lessons
drwx------ 2 root root 16384 Jul 8 2004 lost+found
drwxrwsr-x+ 3 14505 10013 4096 Feb 27 2009 netapps
drwxrwsr-x+ 3 14505 10013 4096 Mar 25 08:53 netlogon
drwxrwsr-x+ 4 14505 10013 4096 Aug 2 2007 printers
drwsrwsrwx+ 5 nobody 10005 4096 Apr 20 10:39 public

They should be like:

[root@franks-dc1 home]# ll /opt
total 72
drwxrws---+ 3 LPSD+cisitadmin LPSD+enterprise admins 4096 Nov 28 2006
appinstalls
drwxrws---+ 2 LPSD+cisitadmin LPSD+franks-staff 4096 Aug 3 2004
bldgshrs
drwxrwsr-x+ 2 LPSD+cisitadmin LPSD+franks-teachers 4096 Aug 3 2004
lessons
drwx------ 2 root root 16384 Jul 8 2004
lost+found
drwxrwsr-x+ 3 LPSD+cisitadmin LPSD+enterprise admins 4096 Feb 27 2009
netapps
drwxrwsr-x+ 3 LPSD+cisitadmin LPSD+enterprise admins 4096 Mar 25 08:53
netlogon
drwxrwsr-x+ 4 LPSD+cisitadmin LPSD+enterprise admins 4096 Aug 2 2007
printers
drwsrwsrwx+ 5 nobody LPSD+domain users 4096 Apr 20 10:39
public

This problem is affecting ACLs too.

[root@franks-dc1 home]# getfacl /opt/appinstalls/
getfacl: Removing leading '/' from absolute path names
# file: opt/appinstalls
# owner: LPSD+cisitadmin
# group: LPSD+enterprise\040admins
user::rwx
group::rwx
other::---
default:user::rwx
default:user:14505:rwx
default:group::---
default:group:10013:rwx
default:mask::rwx
default:other::---

I assume this must have something to do with idmap & winbind but does
anyone know more about why this is happening and what to do about it?

Thanks.

our smb.conf

# Global settings for a Samba server joined to the LPSD.LOCAL AD realm
# (security = ADS). Winbind supplies the LPSD+name users and groups.
[global]
    workgroup = LPSD
    netbios name = FRANKS-DC1
    realm = LPSD.LOCAL
    # %v expands to the Samba version, so the running version is shown to
    # any client that can browse this server.
    server string = Samba PDC %v
    printcap name = CUPS
    load printers = yes
    printing = cups
    # NOTE(review): "printcap" is a synonym of "printcap name", set above.
    printcap = cups
    # %m expands to the client machine name: one log file per client.
    log file = /var/log/samba/log.%m
    log level = 1
    max log size = 100
    security = ADS
    syslog = 0
    # NOTE(review): turns off TLS for Samba's own LDAP connections. With the
    # tdbsam passdb below it is not clear anything uses it - confirm.
    ldap ssl = no
    # Every winbind-resolved domain account gets this login shell. If shell
    # logins by domain users are not intended, check what PAM allows here.
    template shell = /bin/bash
    # Matches the LPSD+user / LPSD+group names used in the share sections.
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    enable privileges = yes
    # Only the joined domain is served; trusted domains are not accepted.
    allow trusted domains = No
    # NOTE(review): this is the older "idmap_rid:DOMAIN=range" form. Later
    # Samba 3.x releases express the same mapping as
    # "idmap config LPSD : backend = rid" plus "idmap config LPSD : range = ...".
    # Check smb.conf(5) for the installed version, which this message does
    # not state.
    # NOTE(review): numeric owners in ls presumably mean the ID-to-name lookup
    # through winbind failed at that moment; "wbinfo -t" and "getent passwd"
    # on an affected server would confirm.
    idmap backend = idmap_rid:LPSD=500-500000000
    # NOTE(review): the range starts at 500. Confirm no local account or group
    # has an ID inside it; a collision would hand a local identity the file
    # access of a domain one, or the reverse.
    idmap uid = 500-500000000
    idmap gid = 500-500000000
    winbind nested groups = Yes
    encrypt passwords = yes
    # NOTE(review): smb passwd file belongs to the smbpasswd backend; the
    # backend selected on the next line is tdbsam.
    smb passwd file = /etc/samba/smbpasswd
    passdb backend = tdbsam
    # This file can map a client user name to any Unix account, root included.
    # Keep it owned by root and writable by nobody else.
    username map = /etc/samba/smbusers
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
    # Minutes of inactivity before an idle connection is dropped.
    deadtime = 5
    # NOTE(review): os level, preferred master and wins support make this
    # host compete for browse master and act as WINS server. Together with
    # "Samba PDC" above they look carried over from a PDC role - confirm they
    # are wanted on an AD member server.
    os level = 63
    preferred master = yes
    logon home =
    logon path =
    wins support = yes
    dns proxy = no

# Per-user home directory shares. No path is set, so each user's own home
# directory is served.
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    # 0770 removes all "other" permission bits from new files and directories.
    create mask = 0770
    directory mask = 0770
    nt acl support = yes

# Print queue share; jobs are spooled under /var/spool/samba.
[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    nt acl support = yes
    printable = yes
    # Members of "admin users" perform every file operation on this share as
    # root, regardless of file permissions. Keep these groups small.
    admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
    # Only members of LPSD+domain users may connect.
    valid users = @"LPSD+domain users"
    write list = @"LPSD+domain users"

# Printer driver download share. Windows clients fetch and install driver
# files from here, so write access to it is security-sensitive.
[print$]
    comment = Printer Driver Download Area
    path = /opt/printers
    browseable = no
    # NOTE(review): guest ok = yes conflicts with the valid users list below,
    # which admits only LPSD+domain users. "map to guest" is not set in this
    # [global]; its default (Never) rejects unknown users rather than mapping
    # them to guest. Confirm the effective result with testparm.
    guest ok = yes
    read only = yes
    nt acl support = yes
    # Members act as root on this share.
    admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
    valid users = @"LPSD+domain users"
    # Overrides read only = yes for these principals. "root" and "@adm" carry
    # no LPSD+ prefix, so they presumably name the local account and the local
    # Unix group. Confirm both really need to upload drivers.
    write list = @"LPSD+enterprise admins", @LPSD+technicians, root, @adm

# General-purpose share on /opt/public, writable by all domain users.
[Public]
    comment = Public Stuff
    path = /opt/public
    # NOTE(review): "public" is a synonym of "guest ok", set on the next line.
    # Both ask for guest access, while valid users below admits only
    # LPSD+domain users - confirm which is intended.
    public = yes
    guest ok = yes
    writable = yes
    # Masks of 0777 strip no permission bits, so Samba places no limit on the
    # Unix mode of new files and directories. The directory listing earlier
    # in this message shows /opt/public itself as drwsrwsrwx.
    create mask = 0777
    directory mask = 0777
    # force ... mode = 0 forces no bits on, and directory security mask = 0777
    # lets Windows clients change any directory permission bit when they edit
    # security settings.
    force security mode = 0
    directory security mask = 0777
    force directory security mode = 0
    browseable = yes
    printable = no
    nt acl support = yes
    # Members act as root on this share, regardless of file permissions.
    admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
    valid users = @"LPSD+domain users"
    write list = @"LPSD+domain users"

# Application share on /opt/netapps.
# NOTE(review): writable = yes plus a write list of LPSD+domain users lets
# every domain user modify files here. If clients run programs from this
# share, any user can tamper with what others execute - confirm whether
# read-only access with a narrower write list is intended.
[NetApps]
    path = /opt/netapps
    comment = Applications Folder
    # Masks of 0777 strip no permission bits from new files and directories.
    create mask = 0777
    directory mask = 0777
    force security mode = 0
    directory security mask = 0777
    force directory security mode = 0
    writable = yes
    printable = no
    nt acl support = yes
    # Members act as root on this share, regardless of file permissions.
    admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
    valid users = @"LPSD+domain users"
    write list = @"LPSD+domain users"
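# Teacher lesson material on /opt/lessons: read-only by default, writable for
# the groups in "write list", explicitly read-only for franks-students.
# The section header's opening bracket was missing, and the long user lists
# were wrapped onto lines with no "key =". They are restored as single lines
# so that every listed group is part of the value.
[Lessons]
    path = /opt/lessons
    comment = Teacher Lessons
    # Masks of 0777 strip no permission bits from new files and directories.
    create mask = 0777
    directory mask = 0777
    force security mode = 0
    directory security mask = 0777
    force directory security mode = 0
    read only = yes
    printable = no
    nt acl support = yes
    acl map full control = yes
    # Members act as root on this share, regardless of file permissions.
    admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
    # Only these groups may connect.
    valid users = @LPSD+franks-students, @LPSD+franks-teachers, @LPSD+franks-staff, @"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs
    # These groups get write access despite read only = yes.
    write list = @LPSD+franks-teachers, @LPSD+franks-staff, @"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs
    # Students are held to read-only access.
    read list = @LPSD+franks-students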

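# Building share on /opt/bldgshrs: read-only by default, writable for the
# groups in "write list".
# The long user lists were wrapped onto lines with no "key =". They are
# restored as single lines so that every listed group is part of the value.
[Bldgshare]
    path = /opt/bldgshrs
    comment = Building share
    # Masks of 0777 strip no permission bits from new files and directories.
    create mask = 0777
    directory mask = 0777
    force security mode = 0
    directory security mask = 0777
    force directory security mode = 0
    read only = yes
    printable = no
    nt acl support = yes
    # Members act as root on this share, regardless of file permissions.
    admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
    # Only these groups may connect.
    valid users = @LPSD+franks-teachers, @LPSD+franks-staff, @"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs
    # These groups get write access despite read only = yes. The list matches
    # valid users, so everyone who can connect can also write.
    write list = @LPSD+franks-teachers, @LPSD+franks-staff, @"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs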

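# Application install share on /opt/appinstalls: restricted to administrators,
# technicians and netmgrs, read-only by default.
# The wrapped "valid users" value is restored as a single line so that
# @LPSD+netmgrs is part of the list.
[AppInstalls]
    path = /opt/appinstalls
    comment = network application install directory
    # Masks of 0777 strip no permission bits from new files and directories.
    create mask = 0777
    directory mask = 0777
    force security mode = 0
    directory security mask = 0777
    force directory security mode = 0
    read only = yes
    printable = no
    nt acl support = yes
    # Members act as root on this share, regardless of file permissions.
    admin users = @"LPSD+enterprise admins", @"LPSD+domain admins"
    # Only these groups may connect.
    valid users = @"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs
    # Write access despite read only = yes; netmgrs stay read-only.
    write list = @"LPSD+Enterprise Admins", @LPSD+technicians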

-- Mike Rambo NOTE: In order to control energy costs the light at the end of the tunnel has been shut off until further notice... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba