Domain Admins as a GID only and classicupgrade

Andrew Bartlett abartlet at samba.org
Wed Aug 29 02:27:33 MDT 2012


On Wed, 2012-08-29 at 03:21 -0500, Ricky Nance wrote:
> Andrew, there is still an ACL bug in classicupgrade (more in ntacls.py
> I believe because samba-tool ntacl sysvolreset breaks similar to
> this), not sure if you want this out before you drop beta 8 or not,
> but here is the error.  http://paste.ubuntu.com/1173392/  Let me know
> what else I can get for you.

The issue here is annoyingly fundamental, rather than a simple fix.

The problem is that we need to make some files become owned by 'domain
administrators', but the imported idmap has a GID for the -512 group.

Because it won't map to a UID, we can't chown the file and it all falls
flat.  

The fix is to find a way to map it to both on the input side, and store
that mapping on the output side (as we decided to fill it in to the
rfc2307 uidNumber/gidNumber, and there isn't an established way to say
'both' in that schema). 

Andrew Bartlett


-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
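
An added illustration of the problem described in the message above (not Samba's code and not part of the original post): a simplified model of SID-to-POSIX id mapping showing why a GID-only mapping for the -512 group cannot become a file owner, and how a "both" mapping on the input side resolves it. The type names, the domain SID and the id 10512 are constructed assumptions.

```python
from dataclasses import dataclass

# Simplified model for illustration only; the type names are assumptions.
ID_TYPE_UID, ID_TYPE_GID, ID_TYPE_BOTH = "UID", "GID", "BOTH"

# Constructed domain SID; -512 is the Domain Admins RID named in the message.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
DOMAIN_ADMINS = DOMAIN_SID + "-512"


@dataclass(frozen=True)
class Mapping:
    xid: int        # numeric POSIX id
    id_type: str    # which id namespace(s) the number is valid in


def sid_to_uid(idmap, sid):
    """Return the uid for a SID; a file owner must be a uid for chown."""
    m = idmap.get(sid)
    if m is None:
        raise LookupError(f"no mapping for {sid}")
    if m.id_type not in (ID_TYPE_UID, ID_TYPE_BOTH):
        raise LookupError(f"{sid} maps to a {m.id_type} only, cannot own a file")
    return m.xid


def sid_to_gid(idmap, sid):
    """Return the gid for a SID, or fail if it has no group mapping."""
    m = idmap.get(sid)
    if m is None or m.id_type not in (ID_TYPE_GID, ID_TYPE_BOTH):
        raise LookupError(f"{sid} has no gid mapping")
    return m.xid


def posix_owner(idmap, owner_sid, group_sid):
    """Translate a security descriptor's owner/group SIDs to (uid, gid)."""
    return sid_to_uid(idmap, owner_sid), sid_to_gid(idmap, group_sid)


def promote_to_both(idmap, sid):
    """Input-side fix: the same number becomes valid as uid and gid."""
    fixed = dict(idmap)
    fixed[sid] = Mapping(idmap[sid].xid, ID_TYPE_BOTH)
    return fixed


# Constructed sample: an imported idmap that holds only a GID for the group.
imported = {DOMAIN_ADMINS: Mapping(xid=10512, id_type=ID_TYPE_GID)}
```

The model covers only the input side; how a "both" mapping is stored in the rfc2307 uidNumber/gidNumber attributes is the open question the message raises.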


