Gerald (Jerry) Carter
jerry at samba.org
Wed Mar 15 00:03:03 GMT 2006
Gerald (Jerry) Carter wrote:
> This is a rough patch that implements the following changes:
>
> * modifies create_local_nt_token() to create a BUILTIN\Administrators
>   group IFF
>   - sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
> * Add a SID domain to the group mapping enumeration passdb call
>   to fix the checks for local and builtin groups. The SID can be
>   NULL if you want the old semantics for internal maintenance.
>   I only updated the tdb group mapping code.
>
> Still todo.
>
> * Fix fallback Administrators membership for root and domain Admins
>   if nested groups = no or winbindd is not running

Round #2. This one still has the todo item but does

* remove any group mappings from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  This fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.
* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam().
  Otherwise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

I'm probably going to go ahead and check this in. We can
continue to discuss it. But with this code I can basically
manage users and groups on a standalone and member server.

There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add something similar
to what I did for Administrators.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 24747 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060314/fd1d9e21/administrators_v2.bin