Date: Fri, 14 Jan 2022 11:04:05 +0100
From: Corinna Vinschen
To: cygwin@cygwin.com
Subject: Re: Help with standalone samba SID-uid mapping

On Jan 13 14:39, Chris Roehrig wrote:
> I'm trying to set up samba (standalone) following these instructions:
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba
>
> but I'm having no luck getting my samba user/groups to appear correctly using the comment field as described in the document.
>
> I'm using samba 4.13.14 on Ubuntu 20.04 with security = user (smbpasswd). winbindd is not installed and I'm not using any LDAP or AD anywhere.
>
> E.g. here is what is on the server (croehrig:croehrig = 601:601; cristina:cristina = 603:603)
> housesrv[3]% ls -l /House/Users
> total 17
> drwxr-xr-x 9 cristina cristina 22 Jan 12 16:06 cristina
> drwxr-xr-x 30 croehrig croehrig 53 Jan 13 09:47 croehrig
>
>
> Here are the ACLs and SIDs when looking on the windows client:
> tyto[5]% icacls \\\\housesrv\\Users\\\*
> \\housesrv\Users\cristina S-1-5-21-751087815-2087572193-42305691-1001:(F)
>                           S-1-22-2-603:(RX)
>                           Everyone:(RX)
>
> \\housesrv\Users\croehrig S-1-5-21-751087815-2087572193-42305691-1000:(F)
>                           S-1-22-2-601:(RX)
>                           Everyone:(RX)
>
> As you can see, the gid is mapping to the S-1-22-2- as described
> in the document above, but the uid is using a domain-specific SID with
> different RIDs.

These look like your standard Windows SIDs, so they are your SIDs for
users cristina and croehrig on Windows. They should show up as such in
ls -l output, unless the SID is actually wrong, e.g., they map to your
accounts on another machine or something like that.

> On the windows client I have the same users and groups set up locally
> (SAM) with appropriate SID mappings to the same uid/gids (601/603) in
> the Cygwin /etc/passwd and /etc/group. This has all been working
> well to ensure e.g. rsync preserves permissions and ownership between
> cygwin and Linux. (The windows groups are called 'grp-croehrig' and
> 'grp-cristina' since windows users and groups share a namespace, but
> they are mapped to 'croehrig' and 'cristina' in /etc/group).
>
>
> Here is how the SMB share looks under Cygwin:
> tyto[6]% ls -l //housesrv/Users/
> total 0
> drwxr-xr-x 1 Unknown+User Unix_Group+603 0 Jan 12 16:06 cristina
> drwxr-xr-x 1 Unknown+User Unix_Group+601 0 Jan 13 09:47 croehrig

Sorry, but I don't quite understand. If you have matching /etc/passwd
and /etc/group files, and your /etc/nsswitch.conf allows reading the
files, this shouldn't happen. Are the Windows SIDs correct? Are they
matching your machine?

Corinna
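
An added example, not part of the original thread: a small Python check that parses the icacls output quoted above, separates Samba's S-1-22-1 (Unix user) and S-1-22-2 (Unix group) SIDs from S-1-5-21 account SIDs, and reports whether an account SID was issued by a given machine. The function names and EXAMPLE_MACHINE_SID are hypothetical; the parser assumes UNC paths without spaces.

```python
import re

SID_RE = re.compile(r"S-1-(\d+)((?:-\d+)+)")

def classify_sid(sid, machine_sid=None):
    """Split a SID into issuer and RID, recognising Samba's S-1-22 Unix SIDs."""
    m = SID_RE.fullmatch(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    authority = int(m.group(1))
    subs = [int(s) for s in m.group(2).split("-")[1:]]
    if authority == 22 and len(subs) == 2 and subs[0] in (1, 2):
        return {"kind": "unix_user" if subs[0] == 1 else "unix_group", "id": subs[1]}
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        issuer = "S-1-5-21-" + "-".join(str(s) for s in subs[1:4])
        matches = None if machine_sid is None else issuer == machine_sid
        return {"kind": "account", "issuer": issuer, "rid": subs[4],
                "issued_by_machine": matches}
    return {"kind": "other"}

def parse_icacls(text, machine_sid=None):
    """Return {path: [(sid, rights, classification), ...]} for SID-form ACEs."""
    acls, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("\\\\"):      # new object: first token is the UNC path
            path, _, line = line.partition(" ")
            acls[path] = []
        ace = re.match(r"(S-1-\d+(?:-\d+)+):(\(.+\))$", line.strip())
        if ace and path:                 # named ACEs such as Everyone are skipped
            acls[path].append((ace.group(1), ace.group(2),
                               classify_sid(ace.group(1), machine_sid)))
    return acls

# icacls output as quoted in the message above.
SAMPLE = r"""
\\housesrv\Users\cristina S-1-5-21-751087815-2087572193-42305691-1001:(F)
                          S-1-22-2-603:(RX)
                          Everyone:(RX)

\\housesrv\Users\croehrig S-1-5-21-751087815-2087572193-42305691-1000:(F)
                          S-1-22-2-601:(RX)
                          Everyone:(RX)
"""
# Constructed placeholder for the local machine SID, not a value from the thread.
EXAMPLE_MACHINE_SID = "S-1-5-21-1111111111-2222222222-3333333333"

if __name__ == "__main__":
    for p, aces in parse_icacls(SAMPLE, EXAMPLE_MACHINE_SID).items():
        for sid, rights, info in aces:
            print(p, sid, rights, info)
```

Replace EXAMPLE_MACHINE_SID with the SID of the machine whose accounts you expect to own the files; an entry with issued_by_machine set to False was issued by some other machine or domain.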