Date: Fri, 14 Jan 2022 11:04:05 +0100
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: Help with standalone samba SID-uid mapping

On Jan 13 14:39, Chris Roehrig wrote:
> I'm trying to set up samba (standalone) following these instructions:
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba
>
> but I'm having no luck getting my samba user/groups to appear correctly
> using the comment field as described in the document.
>
> I'm using samba 4.13.14 on Ubuntu 20.04 with security = user
> (smbpasswd). winbindd is not installed and I'm not using any LDAP or AD
> anywhere.
>
> E.g.
> here is what is on the server (croehrig:croehrig = 601:601; cristina:cristina = 603:603)
> housesrv[3]% ls -l /House/Users
> total 17
> drwxr-xr-x  9 cristina cristina 22 Jan 12 16:06 cristina
> drwxr-xr-x 30 croehrig croehrig 53 Jan 13 09:47 croehrig
>
>
> Here are the ACLs and SIDs when looking on the windows client:
> tyto[5]% icacls \\\\housesrv\\Users\\\*
> \\housesrv\Users\cristina S-1-5-21-751087815-2087572193-42305691-1001:(F)
>                           S-1-22-2-603:(RX)
>                           Everyone:(RX)
>
> \\housesrv\Users\croehrig S-1-5-21-751087815-2087572193-42305691-1000:(F)
>                           S-1-22-2-601:(RX)
>                           Everyone:(RX)
>
> As you can see, the gid is mapping to the S-1-22-2- as described
> in the document above, but the uid is using a domain-specific SID with
> different RIDs.

These look like your standard Windows SIDs, so they are your SIDs for
users cristina and croehrig on Windows.  They should show up as such in
ls -l output, unless the SID is actually wrong, e.g., they map to your
accounts on another machine or something like that.

> On the windows client I have the same users and groups set up locally
> (SAM) with appropriate SID mappings to the same uid/gids (601/603) in
> the Cygwin /etc/passwd and /etc/group. This has all been working
> well to ensure e.g. rsync preserves permissions and ownership between
> cygwin and Linux. (The windows groups are called 'grp-croehrig' and
> 'grp-cristina' since windows users and groups share a namespace, but
> they are mapped to 'croehrig' and 'cristina' in /etc/group).
>
>
> Here is how the SMB share looks under Cygwin:
> tyto[6]% ls -l //housesrv/Users/
> total 0
> drwxr-xr-x 1 Unknown+User Unix_Group+603 0 Jan 12 16:06 cristina
> drwxr-xr-x 1 Unknown+User Unix_Group+601 0 Jan 13 09:47 croehrig

Sorry, but I don't quite understand.  If you have matching /etc/passwd
and /etc/group files, and your /etc/nsswitch.conf allows reading the
files, this shouldn't happen.  Are the Windows SIDs correct?  Are they
matching your machine?

Corinna
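
Added example (not part of the original message or of Cygwin/Samba): a Python script for the check asked about above. It classifies each SID in the quoted icacls output as a Samba-synthesised Unix SID (S-1-22-1-<uid> for users, S-1-22-2-<gid> for groups) or an account SID, and compares the account SID's issuing prefix with a machine SID you supply. Function names and the placeholder machine SID are assumptions; paths are assumed to contain no spaces.

```python
import re

# Samba's synthetic authorities for accounts it cannot map to a Windows SID.
UNIX_USER_PREFIX = "S-1-22-1-"   # S-1-22-1-<uid>
UNIX_GROUP_PREFIX = "S-1-22-2-"  # S-1-22-2-<gid>
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")

# icacls output copied from the message above.
ICACLS_OUTPUT = r"""
\\housesrv\Users\cristina S-1-5-21-751087815-2087572193-42305691-1001:(F)
                          S-1-22-2-603:(RX)
                          Everyone:(RX)

\\housesrv\Users\croehrig S-1-5-21-751087815-2087572193-42305691-1000:(F)
                          S-1-22-2-601:(RX)
                          Everyone:(RX)
"""

def classify(sid, local_machine_sid):
    """Return (kind, id) for one SID, relative to the given machine SID."""
    if sid.startswith(UNIX_USER_PREFIX):
        return ("unix-user", int(sid[len(UNIX_USER_PREFIX):]))
    if sid.startswith(UNIX_GROUP_PREFIX):
        return ("unix-group", int(sid[len(UNIX_GROUP_PREFIX):]))
    if sid.startswith("S-1-5-21-"):
        # Everything before the last component identifies the issuing
        # machine or domain; the last component is the RID.
        issuer, _, rid = sid.rpartition("-")
        kind = "local-account" if issuer == local_machine_sid else "foreign-account"
        return (kind, int(rid))
    return ("other", None)

def audit(icacls_text, local_machine_sid):
    """Map each path in icacls output to the classified SIDs in its ACL."""
    report, path = {}, None
    for line in icacls_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # new entry: "<path> <first ACE>"
            path, _, line = line.partition(" ")
            report[path] = []
        for sid in SID_RE.findall(line):
            report[path].append((sid, *classify(sid, local_machine_sid)))
    return report

if __name__ == "__main__":
    # Constructed placeholder; use the Windows client's own machine SID here.
    for path, aces in audit(ICACLS_OUTPUT, "S-1-5-21-0-0-0").items():
        print(path, aces)
```

An owner reported as "foreign-account" was issued by a different machine or domain than the one supplied, which is the "accounts on another machine" case mentioned in the reply.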