Mail Archives: cygwin/2022/01/14/05:05:19

Corinna Vinschen <corinna-cygwin AT cygwin DOT com> · Fri, 14 Jan 2022 11:04:05 +0100

On Jan 13 14:39, Chris Roehrig wrote:
> I'm trying to set up samba (standalone) following these instructions:
> 	https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba
> 
> but I'm having no luck getting my samba user/groups to appear correctly using the <cygwin unix="601"/> comment field as described in the document.
> 
> I'm using samba 4.13.14 on Ubuntu 20.04 with security = user (smbpasswd).   winbindd is not installed and I'm not using any LDAP or AD anywhere.
> 
> E.g. here is what is on the server (croehrig:croehrig = 601:601; cristina:cristina = 603:603)
> housesrv[3]% ls -l /House/Users
> total 17
> drwxr-xr-x  9 cristina cristina 22 Jan 12 16:06 cristina
> drwxr-xr-x 30 croehrig croehrig 53 Jan 13 09:47 croehrig
> 
> 
> Here are the ACLs and SIDs when looking on the windows client:
> tyto[5]% icacls \\\\housesrv\\Users\\\*
> \\housesrv\Users\cristina S-1-5-21-751087815-2087572193-42305691-1001:(F)
>                           S-1-22-2-603:(RX)
>                           Everyone:(RX)
> 
> \\housesrv\Users\croehrig S-1-5-21-751087815-2087572193-42305691-1000:(F)
>                           S-1-22-2-601:(RX)
>                           Everyone:(RX)
> 
> As you can see, the gid is mapping to the S-1-22-2-<gid> as described
> in the document above, but the uid is using a domain-specific SID with
> different RIDs. 

These look like your standard Windows SIDs, so they are your SIDs for
users cristina and croehrig on Windows.  They should show up as such in
ls -l output, unless the SID is actuall wrong, e. g., they map to your
accounts on another machine or something like that.

> On the windows client I have the same users and groups set up locally
> (SAM) with appropriate SID mappings to the same uid/gids (601/603) in
> the Cygwin /etc/passwd and /etc/group.     This has all been working
> well to ensure e.g. rsync preserves permissions and ownership between
> cygwin and Linux.  (The windows groups are called 'grp-croehrig' and
> 'grp-cristina' since windows users and groups share a namespace, but
> they are mapped to 'croehrig' and 'cristina' in /etc/group).
> 
> 
> Here is how the SMB share looks under Cygwin:
> tyto[6]% ls -l //housesrv/Users/
> total 0
> drwxr-xr-x 1 Unknown+User Unix_Group+603 0 Jan 12 16:06 cristina
> drwxr-xr-x 1 Unknown+User Unix_Group+601 0 Jan 13 09:47 croehrig

Sorry, but I don't quite understand.  If you have matching /etc/passwd
and /etc/group files, and your /etc/nsswitch.conf allows reading the
files, this shouldn't happen.  Are the Windows SIDs correct?  Are they
matching your machine?

Corinna

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org CE0683858401
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1642154717;
	bh=cuGm8TKKoy9V6NO5lUHOlrCP2pTsVeW3fcKZJX3d3Ak=;
	h=Date:From:To:Subject:References:In-Reply-To:List-Id:
	List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	Reply-To:From;
	b=cy+1g/7SfnyMxqAY9JWjVO077WmcKmLxy9L91IhmszJJH9puub4Octmql5X39MK9H
	x9vxRz2hn6lv2iAn5kIsuVya6kaxDKF9btTdCiy3mXGkcpzA16cgRzeUosjyFDsXV1
	THaMKQt97PAEKysy0cySpX0KvNwMQSSnXPMs9bMo=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.1 sourceware.org 6E29B3858401
Authentication-Results:	sourceware.org;
	dmarc=fail (p=none dis=none) header.from=cygwin.com
Authentication-Results:	sourceware.org; spf=fail smtp.mailfrom=cygwin.com
Date:	Fri, 14 Jan 2022 11:04:05 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Help with standalone samba SID-uid mapping
Message-ID:	<YeFKleBRwCZcikxb@calimero.vinschen.de>
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<064846E1-8D6D-41D2-97D9-4C3793502CEE AT house DOT org>
MIME-Version:	1.0
In-Reply-To:	<064846E1-8D6D-41D2-97D9-4C3793502CEE@house.org>
X-Provags-ID:	V03:K1:EHAePDXBGBaTBddYwN0842IGz8WWolZPTBxfJY/X+A6KPEywZQe
	uZxAOjfOG+grxMqatXdMTIvk67Q0xFkt/ZUkyXj8Ivack2YOAuRvS/dXCym0BozJ2fJ1aJb
	/0ZvnruCPBcCY395OkYx6s6wOItw2hccAzaEIPTRiWQSTeqTFO0AqblI9KO6Vd6Ycpl5Cg1
	ETI9imvZT8GqqSYq169PA==
X-UI-Out-Filterresults:	notjunk:1;V03:K0:dvwbxrt6hWg=:BGVPs7DHTNul91poSLUE2t
	Qf7sOQ6K/lnFCVMu+LBWzakvA+3V4tgnJ5wdTZfYRjpfbUSdcCoE82jDDqLVIWYSlw3qC89CJ
	jCn3hEs1VBR2SWVWGyPuGBWtKRkH/gH5A38C1fig3nj1pXRiSlZTJoXFq25QmRwVhKOdKK3Bm
	AWFBEEBHmu1eBq3piJx2W5+G49yJxGg3lhgHwsW/ta4SanWE78ejjGZUuLD4U8ORWzvgduExm
	vhhXn9bKk31GICK0wmu6/CAx0I9ReDSFcMQb03zQygxEbJaygZXiUs1+IlTlLK3VreIMPtX5F
	ji+0KKnkaMYPKILbqR88JHKIlekfwuJQ5Mswls4shMKjt9oXDAoZ2K0Vo5XP+q+yef2ja3rg+
	HlF0GAgDgr6dfsw4yS+Hn2D+5n3J3WVowl/dAi1pjVt/UHJbXujHxXYrCwGRhtVjU3NxmEcX9
	3ss4e/fV7X4o8jnebqAV4xz2rrM1HvvCq9fOUl8tlWCgRpSewD3ruoprKwF/atskVfPiDf44v
	vl+Y+1S8OjWqsz2GsDRRnKP8tJIPVKaXM+3z/wHOen9Ui2ZytxTAXMPLB8JS18WABSj3yv4P/
	QTe/uONl7irdFbLrjCkGghONsPpbE959nOuCBCDo8WDw/wLV7fiPvbwMHp9B1+cHpShMcDXgt
	O5efLteRBQlB4nbBvzjdTQ3A4JJ+OKNofD52fGSU9HQ0iaMAA9mWmkL5ByNf0zFor2wy8r/Gn
	sXS7m7yBZOqLtYNP
X-Spam-Status:	No, score=-95.7 required=5.0 tests=BAYES_00,
	GOOD_FROM_CORINNA_CYGWIN, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_MSPIKE_H5,
	RCVD_IN_MSPIKE_WL, SPF_FAIL, SPF_HELO_NONE,
	TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version:	SpamAssassin 3.4.4 (2020-01-24) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Reply-To:	cygwin AT cygwin DOT com
Errors-To:	cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019