Ok, so this is the background. We have had 3 SUSE Linux servers that had been residing openly on the company intranet for the last few years. These Linux servers had been joined to a Linux LDAP server managed by the company IT division. The user accounts were all managed by the company IT division. However, recent changes to policies dictated that all of our systems be taken off company-managed LDAP and Active Directory servers, placed behind a firewall, and managed by our own internal sys admins. To comply, we set up our own internal network behind the firewall and are using Active Directory for authentication. We created Active Directory accounts for all of the existing users that commonly used these Linux servers. We obviously wanted to ensure as smooth a transition as possible for the users, so when we joined the SUSE Linux servers to the new Active Directory and created the new accounts, we made certain to preserve all of the existing Linux attributes such as UID, UID Number, GID, login shell, and home directory. The user home directories are all stored on a NAS within our internal network and remote-mounted to each Linux server.
For the most part this has worked very well and has been a fairly smooth transition. But in the last week or so, I’ve had a small handful of users complain that they have lost ownership of their home directory and the files within them. When I look at their home folders, I’m finding that the ownership of their files, folders, and sub-directories has changed to a totally new UID number. I can still do a “uid” on their login ID and it will show the correct UID number, so I’m not sure where this new UID number is coming from or why it’s happening. If the servers were intermittently losing contact with Active Directory and could no longer resolve the user’s login ID, I would have thought that the file ownership would simply revert to their existing UID number, and not this new UID number. Although, I suppose if Linux is getting the UID number from Active Directory, it may no longer “know” that UID number as well. I can manually change the ownership back easily enough, but I really need to find out why this is happening. I’ve looked through the system log files and haven’t noticed anything obvious (of course there’s so much data in these log files, it can be easy to miss something).
The Linux servers in question are all running SUSE Linux Enterprise 12 SP5 (yeah, I know it’s very old, but that’s not my call), and are all joined to Active Directory (10.0.17763.5458) running on Server 2019 Standard 1809. There are two redundant Active Directory servers. I reviewed network settings on the Linux and Active Directory servers to see if there were any misconfigurations, but they all looked ok to me.
Any thoughts or suggestions?
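An added diagnostic, not part of the original post, that walks each home directory and compares the on-disk owner UIDs with what NSS currently resolves for the directory's name: it shows whether the "new" UID on the files resolves to any account at all and how many files carry it. It assumes the directory name equals the login name and that the NAS is mounted at the path given (default `/home`); the resolver functions can be swapped out, which is how the test below simulates the symptom without root.

```python
import os
import pwd
from collections import Counter
from dataclasses import dataclass, field


def resolve_name(name):
    """Login name -> UID via NSS (the same lookup `id -u` does), or None."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def resolve_uid(uid):
    """UID -> login name via NSS, or None if nothing local or from AD claims it."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None


@dataclass
class HomeReport:
    name: str                  # directory name, assumed to equal the login name
    expected_uid: object       # UID the login name resolves to right now (None if unresolved)
    dir_uid: int               # UID that actually owns the directory
    dir_uid_name: object       # name the owning UID resolves back to, or None
    foreign: Counter = field(default_factory=Counter)  # uid -> files NOT owned by expected_uid

    @property
    def ok(self):
        return self.expected_uid == self.dir_uid and not self.foreign


def audit_home(path, name_to_uid=resolve_name, uid_to_name=resolve_uid):
    """Compare one home directory's on-disk ownership with what NSS says it should be."""
    name = os.path.basename(os.path.normpath(path))
    expected = name_to_uid(name)
    dir_uid = os.lstat(path).st_uid
    report = HomeReport(name, expected, dir_uid, uid_to_name(dir_uid))
    for root, dirs, files in os.walk(path):
        for entry in dirs + files:
            uid = os.lstat(os.path.join(root, entry)).st_uid  # lstat: do not follow symlinks
            if uid != expected:
                report.foreign[uid] += 1
    return report


def audit_all(home_root="/home", **resolvers):
    """Audit every directory under home_root and return only those with a discrepancy."""
    dirs = [os.path.join(home_root, d) for d in sorted(os.listdir(home_root))]
    return [r for r in (audit_home(d, **resolvers) for d in dirs if os.path.isdir(d)) if not r.ok]


if __name__ == "__main__":
    import sys
    for r in audit_all(sys.argv[1] if len(sys.argv) > 1 else "/home"):
        print(f"{r.name}: name resolves to uid {r.expected_uid}, dir owned by uid {r.dir_uid} "
              f"({r.dir_uid_name or 'unresolvable'}), foreign files by uid: {dict(r.foreign)}")
```

Run it on each of the three servers and compare: if the stray UID resolves to the user's login name on one server but to nothing on another, the hosts are not agreeing on where that user's UID comes from, which narrows the search in the logs considerably.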