From: Gaiseric Vandal on 12 Jun 2010 17:20

Do you even need root in ldap?

Root should be in /etc/passwd, I don't see why you need it in LDAP as well unless root is also a samba account. Which I don't think you would need.

-----Original Message-----
From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] On Behalf Of Alex Domoradov
Sent: Thursday, June 10, 2010 4:38 PM
To: samba(a)lists.samba.org
Subject: [Samba] How shall I fix the multiple uidNumbers

When I run the check_multiple_LDAP_entries.pl script I get the following message:

# perl check_multiple_LDAP_entries.pl -h localhost -b dc=w3,dc=lan -D cn=root,dc=w3,dc=lan -w 1234567 -l
testing for multiple sambaSids
No multiple sambaSids found in your system
--------------------------------------------------------------------------------
testing for multiple gidNumbers
No multiple gidNumbers found in your system
--------------------------------------------------------------------------------
testing for multiple uidNumbers
Warning: There is a user in /etc/passwd that has uidNumber [0] as well
This entry may conflict with uid=root,ou=System,ou=users,dc=w3,dc=lan
You have 1 bad uidNumbers in your system. You might need to repair them

The problem is because the system root uid/gid is 0, the same as root in LDAP.

# id root
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

# wbinfo -i root
root:*:0:0:root:/home/W3/root:/bin/false

How shall I fix the collision? Or shall I just ignore this warning message?

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

From: Alex Domoradov on 13 Jun 2010 17:00

> From: "Gaiseric Vandal" <gaiseric.vandal(a)gmail.com>
> To: <samba(a)lists.samba.org>
> Date: Sat, 12 Jun 2010 17:18:02 -0400
> Subject: Re: [Samba] How shall I fix the multiple uidNumbers
>
> Do you even need root in ldap?

That is the very thing I'd like to find out ;)

> Root should be in /etc/passwd, I don't see why you need it in LDAP as well
> unless root is also a samba account. Which I don't think you would need.

But at the same time I see the following message in my samba log:

[2010/06/11 10:22:36, 3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid root does not start with 'S-'.
[2010/06/11 10:22:36, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: root
[2010/06/11 10:22:36, 3] passdb/pdb_ldap.c:5191(ldapsam_gid_to_sid)
  ERROR: Got 0 entries for gid 0, expected one

Should I ignore this error? The user root with uid/gid 0 was created automatically with a command from smbldap-tools:

# smbldap-populate

Shall I delete them manually? I have already created the user and granted him all the privileges:

# id w3da
uid=1339(w3da) gid=512(Domain Admins) groups=512(Domain Admins)

# net rpc rights list accounts w3da
Enter root's password:
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege

From: Gaiseric Vandal on 13 Jun 2010 17:50

Does smbldap-populate create a samba account for all users in /etc/passwd?

I can't see why it would need a root account. But I have never used smbldap-populate (I mostly used custom scripts to migrate data.) I would delete the root entry in ldap to see what happens. Just be prepared to restore it quickly if it breaks something.

I am guessing that it didn't create a group with gid 0. I would expect that warning to go away once you delete the samba/ldap root account.

Is this samba 3.x or 4.x?

-----Original Message-----
From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] On Behalf Of Alex Domoradov
Sent: Sunday, June 13, 2010 4:52 PM
To: samba(a)lists.samba.org
Subject: Re: [Samba] How shall I fix the multiple uidNumbers

> From: "Gaiseric Vandal" <gaiseric.vandal(a)gmail.com>
> To: <samba(a)lists.samba.org>
> Date: Sat, 12 Jun 2010 17:18:02 -0400
> Subject: Re: [Samba] How shall I fix the multiple uidNumbers
>
> Do you even need root in ldap?

That is the very thing I'd like to find out ;)

> Root should be in /etc/passwd, I don't see why you need it in LDAP as well
> unless root is also a samba account. Which I don't think you would need.

But at the same time I see the following message in my samba log:

[2010/06/11 10:22:36, 3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid root does not start with 'S-'.
[2010/06/11 10:22:36, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: root
[2010/06/11 10:22:36, 3] passdb/pdb_ldap.c:5191(ldapsam_gid_to_sid)
  ERROR: Got 0 entries for gid 0, expected one

Should I ignore this error? The user root with uid/gid 0 was created automatically with a command from smbldap-tools:

# smbldap-populate

Shall I delete them manually? I have already created the user and granted him all the privileges:

# id w3da
uid=1339(w3da) gid=512(Domain Admins) groups=512(Domain Admins)

# net rpc rights list accounts w3da
Enter root's password:
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege

From: Alex Domoradov on 14 Jun 2010 16:50

From: "Gaiseric Vandal" <gaiseric.vandal(a)gmail.com>
To: <samba(a)lists.samba.org>
Date: Sun, 13 Jun 2010 17:44:29 -0400
Subject: Re: [Samba] How shall I fix the multiple uidNumbers

> Does smbldap-populate create a samba account for all users in /etc/passwd?

I don't know exactly, it seems to create predefined account/group root (Administrator), nobody (guest), Domain admins, Domain users, Domain computers and Builtin\Users

> I can't see why it would need a root account. But I have never used
> smbldap-populate (I mostly used custom scripts to migrate data.) I would
> delete the root entry in ldap to see what happens. Just be prepared to
> restore it quickly if it breaks something.

:)

> I am guessing that it didn't create a group with gid 0. I would expect that
> warning to go away once you delete the samba/ldap root account.

ok, I will try it

> Is this samba 3.x or 4.x?

CentOS-5.5

# smbd -V
Version 3.4.7

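Added example (not part of the thread, and not the code of check_multiple_LDAP_entries.pl): an offline version of the uidNumber collision check discussed above, comparing passwd-format text with an LDIF export. The function names and the sample data, modelled on the entries quoted in the posts, are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed samples modelled on the thread; not real system or directory output.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
"""
LDIF = """\
dn: uid=root,ou=System,ou=users,dc=w3,dc=lan
uid: root
uidNumber: 0
gidNumber: 0

dn: uid=w3da,ou=users,dc=w3,dc=lan
uid: w3da
uidNumber: 1339
gidNumber: 512
"""


def passwd_uids(text):
    """Return {uidNumber: [login names]} from passwd(5)-format text."""
    uids = defaultdict(list)
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():  # skips comments and malformed lines
            uids[int(fields[2])].append(fields[0])
    return dict(uids)


def ldap_uids(ldif):
    """Return {uidNumber: [DNs]} from LDIF text (base64 'attr::' values are ignored)."""
    uids = defaultdict(list)
    for entry in ldif.replace("\n ", "").split("\n\n"):  # unfold wrapped lines first
        attrs = defaultdict(list)
        for line in entry.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs[key.lower()].append(value.strip())
        for value in attrs["uidnumber"]:
            if attrs["dn"] and value.isdigit():
                uids[int(value)].append(attrs["dn"][0])
    return dict(uids)


def find_conflicts(passwd_text, ldif_text):
    """Report uidNumbers used by more than one LDAP entry or by both sources."""
    local, directory = passwd_uids(passwd_text), ldap_uids(ldif_text)
    return {uid: {"passwd": local.get(uid, []), "ldap": dns}
            for uid, dns in sorted(directory.items())
            if uid in local or len(dns) > 1}


if __name__ == "__main__":
    for uid, hit in find_conflicts(PASSWD, LDIF).items():
        print(f"uidNumber {uid}: passwd={hit['passwd']} ldap={hit['ldap']}")
```

On the sample data only uidNumber 0 is reported, matching the warning in the first post; w3da (1339) exists only in the directory and is not flagged.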