[PATCH] BUILTIN\Administors

Gerald (Jerry) Carter jerry at samba.org
Wed Mar 15 00:03:03 GMT 2006

Hash: SHA1

Gerald (Jerry) Carter wrote:
> Volker,
> This is a rough patch that implements the following changes:
> * modifies create_local_nt_token() to create a BUILTIN\Administrators
>   group IFF
>   - sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
> * Add a SID domain to the group mapping enumeration passdb call
>   to fix the checks for local and builtin groups.  The SID can be
>   NULL if you want the old semantics for internal maintenance.
>   I only updated the tdb group mapping code.
> Still todo.
> * Fix fallback Administrators membership for root and domain Admins
>   if nested groups = no or winbindd is not running

Round #2.  This one still has the todo item but does

* remove any group mapping from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  The fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam()
  Other wise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

I'm probably going to go ahead and check this in.  We can
continue to discuss it.  But with this code I can basically
manage users and groups on a standalone and member server.

There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume.  I worked around this
presently with a manual group mapping but I do not think
this is a good solution.  So I'll probably add some similar
as I did for Administrators.

cheers, jerry
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: administrators_v2.patch
Type: text/x-patch
Size: 24747 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060314/fd1d9e21/administrators_v2.bin

More information about the samba-technical mailing list