Gerald (Jerry) Carter
jerry at samba.org
Tue Jul 1 05:44:25 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Andrew B., Simo, or someone,
I've found the cause of this bug. It is the call to sid_to_gid()
in make_server_info_sam(). Probably appears elsewhere as well.
When using an ldapsam backend, if the sambaPrimaryGroupSID is unmapped,
we'll drop back to the algorithm is generating gids.
We seem to set DOMAIN_GROUP_USERS as the primary group for new
entries in several backends. Do we even really need this attribute?
Shouldn't we be deriving it from the primary UNIX group of the user
and let the group mapping handle things. We can store it in SAM_ACCOUNT
for quickness. That's ok. But actually storing a SID that may not be
mapped to the user's primary UNIX group seems inconsistent with other
Can one of you convince me that we we shouldn't just throw away this
attribute value in the code and just generate the SID from the primary
gid of the user? As it stands now, it is possible (and probable
in default installations) that the group membership Samba is using does
not match the UNIX group membership of the user.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----
More information about the samba-technical