Discussion:
[Samba] UNIX attribute UID no longer increments with RSAT
l***@gmail.com
2016-08-08 12:52:39 UTC
Permalink
Hello,

I'm using rfc2307 to enable Unix attributes on my DC's. Recently
when adding a user and attempting to add a UID with the RSAT, I
receiving the following error.

'Duplicate UID. Assign a uniqueUID.'

How do I list all users and their UID? I tried using 'pdbedit' and
wbinfo. Pdbedit appears to list the XID's and wbinfo needs me to specify
a user name. I need to confirm all users have a unique UID before moving
forward to troubleshoot this issue. Thanks.
--
-James
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
l***@gmail.com
2016-08-08 13:52:52 UTC
Permalink
On Mon, 8 Aug 2016 08:52:39 -0400
Post by l***@gmail.com
Hello,
I'm using rfc2307 to enable Unix attributes on my DC's. Recently
when adding a user and attempting to add a UID with the RSAT, I
receiving the following error.
'Duplicate UID. Assign a uniqueUID.'
How do I list all users and their UID? I tried using 'pdbedit' and
wbinfo. Pdbedit appears to list the XID's and wbinfo needs me to
specify a user name. I need to confirm all users have a unique UID
before moving forward to troubleshoot this issue. Thanks.
What version of windows is this ?
When you used to add a uidNumber with the UNIX Attributes tab, the last
uid used was stored in an attribute in AD, this attribute was created
if it didn't exist, has windows stopped doing this ?
The attribute in question is 'msSFU30MaxUidNumber' (there is another
one for groups 'msSFU30MaxGidNumber') and this is stored in the AD
CN=<Your
lowercase
NETBios
domain
name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=your,DC=dns,DC=domain
Rowland
This is with Windows 7.

I found the issue. I have another admin who creates users in AD. This
user did not have the proper permissions to update this attribute with
RSAT. I can't recall the error they received, but it mentioned not
having permissions to update this field( I will get so as to post and
update in this thread). Event though they were advised they do not have
permissions, the UID was updated in Samba anyways(Possible security
bug?). I verified it was in samba by using wbinfo.

To correct the issue, I manually incremented the new users UID to the
next available one in Samba. This allowed RSAT to automatically
increment the UID on a subsequent user I tested on.
--
-James
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
l***@gmail.com
2016-08-08 19:00:37 UTC
Permalink
On Mon, 8 Aug 2016 08:52:39 -0400
Post by l***@gmail.com
Hello,
I'm using rfc2307 to enable Unix attributes on my DC's. Recently
when adding a user and attempting to add a UID with the RSAT, I
receiving the following error.
'Duplicate UID. Assign a uniqueUID.'
How do I list all users and their UID? I tried using 'pdbedit' and
wbinfo. Pdbedit appears to list the XID's and wbinfo needs me to
specify a user name. I need to confirm all users have a unique UID
before moving forward to troubleshoot this issue. Thanks.
What version of windows is this ?
When you used to add a uidNumber with the UNIX Attributes tab, the last
uid used was stored in an attribute in AD, this attribute was created
if it didn't exist, has windows stopped doing this ?
The attribute in question is 'msSFU30MaxUidNumber' (there is another
one for groups 'msSFU30MaxGidNumber') and this is stored in the AD
CN=<Your
lowercase
NETBios
domain
name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=your,DC=dns,DC=domain
Rowland
These are the error messages received when a user attempts to update the
UID within RSAT.

First is;

"Unable to modify the object property values.

Check your credentials.
There could be a network problem.
Active Directory could be down.
Contact your system administrator."

Followed by;

"Unable to update the maximum user ID number for the selected NIS Domain."


Using ldbedit I see the max 'msSFU30MaxUidNumber: 10152'. This UID was
just given to a user so I could receive the above error messages.

Where should I be looking to verify if this person has permission to
update the Unix attributes? Thanks.
--
-James
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Loading...