Fwd: Re: s4: new classicupgrade and uids
Sergey Urushkin
urushkin at telros.ru
Wed Aug 8 01:01:13 MDT 2012
Hi.
Some time ago I sent the patch to the list, but didn't get an answer. For
better readability it's attached again.
The problem with it now is that it may set the administrator uid to a non-zero
value (which will break GP editing until appropriate POSIX ACLs are set.
As a workaround - chown -R administrator path/to/sysvol). It may need
an additional warning message.
Also, please take a look at the end of the message; there is a problem
which will likely appear sooner or later with some installation.
What are your thoughts about all these?
Thanks.
-------- Original Message --------
Subject: Re: s4: new classicupgrade and uids
Date: Tue, 24 Jul 2012 11:57:31 +0400
From: Sergey Urushkin <urushkin at telros.ru>
To: Andrew Bartlett <abartlet at samba.org>
Cc: Samba technical <samba-technical at lists.samba.org>
22.06.2012 14:04, Andrew Bartlett wrote:
> On Fri, 2012-06-22 at 13:42 +0400, Sergey Urushkin wrote:
>
>
> 22.06.2012 12:11, Andrew Bartlett wrote:
>>> On Thu, 2012-06-21 at 16:43 +0400, Sergey Urushkin wrote:
>>>> 2. 'Administrator' hasn't got an uidNumber (while it had it in
>>>> openldap), so it makes me map it manually. Is it a bug or feature?
>>> Simply a bug.
>> As I wrote in another branch - 'guest' is also affected. Should I write
>> a report, or will it be fixed in place soon?
Hi, here is the patch that fixes this issue:
--- upgrade.py.orig 2012-07-23 09:25:27.000000000 +0400
+++ upgrade.py 2012-07-24 11:40:58.107080685 +0400
@@ -675,8 +675,9 @@
continue
username = entry['account_name']
if entry['rid'] < 1000:
- logger.info(" Skipping wellknown rid=%d (for
username=%s)", entry['rid'], username)
- continue
+ if username.lower() != 'administrator' and username.lower()
!= 'guest' and username.lower() != 'krbtgt':
+ logger.info(" Skipping wellknown rid=%d (for
username=%s)", entry['rid'], username.lower())
+ continue
if entry['rid'] >= next_rid:
next_rid = entry['rid'] + 1
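Review bot: the new condition inside "if entry['rid'] < 1000:" identifies Administrator, Guest and krbtgt by account name even though entry['rid'] is already at hand. These accounts have the fixed RIDs 500, 501 and 502, so a renamed Administrator would still be skipped by the continue. Consider testing entry['rid'] in (500, 501, 502), or at least a single membership test such as username.lower() in ('administrator', 'guest', 'krbtgt'). The log argument was also changed to username.lower() here while the message in the second hunk prints username unchanged; pick one.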
@@ -866,7 +867,11 @@
else:
logger.warn('User root has been kept in the directory,
it should be removed in favour of the Administrator user')
- s4_passdb.add_sam_account(userdata[username])
+ if username.lower() == 'administrator' or username.lower() ==
'guest' or username.lower() == 'krbtgt':
+ logger.warn(" Skipping wellknown provisioned user '%s'",
username)
+ else:
+ s4_passdb.add_sam_account(userdata[username])
+
if username in uids:
add_ad_posix_idmap_entry(result.samdb,
userdata[username].user_sid, uids[username], "ID_TYPE_UID", logger)
if (username in homes) and (homes[username] != None) and \
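Review bot: after the new else branch, the unchanged "if username in uids:" block still calls add_ad_posix_idmap_entry for administrator with whatever uid the old database held, and nothing flags a non-zero value. The cover mail says this breaks GP editing until sysvol ownership or ACLs are adjusted, so a logger.warn for the case username.lower() == 'administrator' and uids[username] != 0 belongs at this point. The "Skipping wellknown provisioned user" message reports an expected path and would fit logger.info better than logger.warn, and the three-name test duplicates the one in the first hunk, so both could share one tuple constant.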
Also, I have to say that the "if entry['rid'] < 1000:" check gives an error
at the "adding users to groups" stage (nonexistent user). Ways to solve it:
1. Stop provision with an error if such accounts exist (I think it's the best)
2. Add some workaround to the function that lists members
3. Remove this check.
Thanks.
--
Best regards,
Sergey Urushkin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: upgrade.patch
Type: text/x-patch
Size: 1399 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120808/dc1faa38/attachment.bin>