pdb_search_aliases() and group types
Gerald (Jerry) Carter
jerry at samba.org
Tue Mar 14 18:02:27 GMT 2006
Volker,

The SID_NAME_WKN_GRP type should be applied for well known SIDs
and not the builtin domain. Things like S-1-1-0 (everyone),
S-1-5-11 (Authenticated Users) and S-1-5-2 (Network).

Both the builtin and local groups should show as SID_NAME_ALIAS.

    $ rpcclient breeze -U ... -c 'lookupsids S-1-5-32-544 \
        S-1-5-21-789336058-1708537768-839522115-1006'
    S-1-5-32-544 BUILTIN\Administrators (4)
    S-1-5-21-789336058-1708537768-839522115-1006 BREEZE\Mygroup (4)

However, our search interface is based on the group type
rather than the authoritative domain. So with this configuration

    $ net groupmap list verbose
    localgrp
        SID       : S-1-5-21-621598136-2167367217-3215645308-21000
        Unix gid  : 10023
        Unix group: localgrp
        Group type: Local Group
        Comment   : Test local group
    sysadmin
        SID       : S-1-5-21-621598136-2167367217-3215645308-21002
        Unix gid  : 10025
        Unix group: sysadmin
        Group type: Local Group
        Comment   :
    Administrators
        SID       : S-1-5-32-544
        Unix gid  : 10026
        Unix group: BUILTIN\administrators
        Group type: Local Group
        Comment   :
    Linux Users
        SID       : S-1-5-21-621598136-2167367217-3215645308-21005
        Unix gid  : 100
        Unix group: users
        Group type: Domain Group
        Comment   : Domain Unix group

The searches fail like so.

    $ rpcclient rhel4 -U ... -c 'enumalsgroups domain'
    group:[localgrp] rid:[0x5208]
    group:[sysadmin] rid:[0x520a]
    group:[Administrators] rid:[0x220]

    $ rpcclient rhel4 -U ... -c 'enumalsgroups builtin'

    $ rpcclient rhel4 -U ... -c 'enumdomgroups'
    group:[Linux Users] rid:[0x520d]

Granted that 'Linux Users' should be an ALIAS and not a Domain group.

cheers, jerry
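
The mismatch described in this message, as an added example (not part of the original post and not Samba code): it places each group mapping by the domain part of its SID and compares the result with the three rpcclient listings quoted above. The table names and helper functions are hypothetical, and the sample data is retyped from the message.

```python
BUILTIN_SID = "S-1-5-32"

# Constructed sample: rows copied from the 'net groupmap list verbose' output above.
GROUPMAP = [
    ("localgrp", "S-1-5-21-621598136-2167367217-3215645308-21000", "Local Group"),
    ("sysadmin", "S-1-5-21-621598136-2167367217-3215645308-21002", "Local Group"),
    ("Administrators", "S-1-5-32-544", "Local Group"),
    ("Linux Users", "S-1-5-21-621598136-2167367217-3215645308-21005", "Domain Group"),
]

# Constructed sample: the three rpcclient enumerations quoted above, name -> RID.
OBSERVED = {
    "enumalsgroups domain": {"localgrp": 0x5208, "sysadmin": 0x520A, "Administrators": 0x220},
    "enumalsgroups builtin": {},
    "enumdomgroups": {"Linux Users": 0x520D},
}

def split_sid(sid):
    """Split a SID string into (authoritative domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def expected_enum(rows):
    """Place each mapping by the domain part of its SID, then by group type."""
    out = {call: {} for call in OBSERVED}
    for name, sid, gtype in rows:
        domain, rid = split_sid(sid)
        if domain == BUILTIN_SID:
            call = "enumalsgroups builtin"   # the builtin domain holds aliases only
        elif gtype == "Local Group":
            call = "enumalsgroups domain"    # alias in the account domain
        else:
            call = "enumdomgroups"           # domain group in the account domain
        out[call][name] = rid
    return out

def misplaced(expected, observed):
    """Return (name, rid, expected call, observed call) for every mismatch."""
    seen = {n: (c, r) for c, groups in observed.items() for n, r in groups.items()}
    found = []
    for call, groups in expected.items():
        for name, rid in groups.items():
            where, seen_rid = seen.get(name, (None, None))
            if where != call or seen_rid != rid:
                found.append((name, rid, call, where))
    return found

if __name__ == "__main__":
    for name, rid, want, got in misplaced(expected_enum(GROUPMAP), OBSERVED):
        print(f"{name} rid:[{rid:#x}] expected in '{want}', seen in '{got}'")
```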