[Samba] [PATCH] Re: can not change mandatory owner to administrators

Mohammad Ebrahim Abravi lamp.mia at gmail.com
Wed Oct 31 03:40:08 MDT 2012


Hello

Remove This Record and  problem solved without add "server services = +smb
-s3fs " and " dcerpc endpoint servers = +winreg +srvsvc" to smb.conf

idmap.ldb:

dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_GID
xidNumber: 10
distinguishedName: CN=S-1-5-32-544**

*Note: BUG : Upgrade To samba rc4 and run samba-tool dbcheck but not fix
this record ;*



On Tue, Oct 16, 2012 at 10:39 AM, Andrew Bartlett <abartlet at samba.org>wrote:

> On Tue, 2012-10-16 at 13:17 +1100, Andrew Bartlett wrote:
> > On Sat, 2012-10-13 at 19:30 +1100, Andrew Bartlett wrote:
> > > On Sat, 2012-10-13 at 09:58 +0330, Mohammad Ebrahim Abravi wrote:
> > > > Solved
> > > >
> > > > Thanks a lot
> > >
> > > Thanks.
> > >
> > > The root of the issue is this automatically generated entry in your
> > > idmap.ldb:
> > >
> > > # record 12
> > > dn: CN=S-1-5-32-544
> > > cn: S-1-5-32-544
> > > objectClass: sidMap
> > > objectSid: S-1-5-32-544
> > > type: ID_TYPE_GID
> > > xidNumber: 10
> > > distinguishedName: CN=S-1-5-32-544
> > >
> > >
> > > What we need to do in your case is to remove that record, so it becomes
> > > regenerated as an IDMAP_BOTH.  We also need to remove the generation of
> > > that record from provision.
> > >
> > > The issue is that as a GID, you of course can't own a file.  The ntvfs
> > > file server papered over this issue (didn't deal with file ownership at
> > > a unix level), but the smbd file server needs to correctly set posix
> > > permissions.
> > >
> > > I hope this clarifies things.  If you can please file a bug, I'll try
> > > not to forget this.
> >
> > The attached patch should prevent this for a new provision.  Are you
> > able to test if this fixes things for you (on a new test domain?)
>
> This updated version uses the primary group of root (or the --root user)
> rather than hoping that there will be a group by the same name.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>
>


More information about the samba mailing list