[PATCH] s3: Lookup unknown SIDs in get_primary_group_sid

Christof Schmitt christof.schmitt at us.ibm.com
Tue Jul 10 16:22:05 MDT 2012


steve at steve-ss.com wrote on 07/10/2012 12:13:45 AM:

> On 10/07/12 01:51, Andrew Bartlett wrote:
> > On Fri, 2012-07-06 at 13:30 -0600, Christof Schmitt wrote:
> >> christof.schmitt at us.ibm.com wrote on 06/27/2012 12:44:18 PM:
> >>
> >>> When Samba is running as AD member using winbindd for id lookups,
> >>> each user automatically gets the privilege of the group 'Domain
> >>> Users'. This happens even when the user has been removed from the
> >>> group 'Domain Users'.
> 
> Could this have anything to do with:
> https://bugzilla.samba.org/show_bug.cgi?id=8938
> 
> A file created by a user always has group ownership of Domain Users no 
> matter what ACLs are set on the parent folder.

The tests I made were accessing a folder where only Domain Users
have access, but the user is not a member of Domain Users. I
don't know if the assumed primary group will be used for the
group ownership. You could verify if the same problem is hit by
setting the log level to 10 and then watch for a log message like
this one:

 passdb/lookup_sid.c:1759(get_primary_group_sid)
   Forcing Primary Group to 'Domain Users' for VIRTUAL1\testuser1

Regards,

Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)
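
Added example, not part of the original message or of Samba: a small scanner that pairs each log header with its indented body line and reports which accounts hit the forced 'Domain Users' fallback quoted above. The bracketed timestamp/level prefix is an assumed header layout, and the sample log is constructed.

```python
import re
from collections import Counter

# Header: optional "[timestamp, level, ...]" prefix (assumed log header
# layout), then file:line(function) as quoted in the message above.
HEADER = re.compile(
    r"^\s*(?:\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)[^\]]*\]\s*)?"
    r"(?P<src>\S+\.c):\d+\((?P<func>\w+)\)\s*$"
)
# Indented body line carrying the forced group and the DOMAIN\user account.
FORCED = re.compile(
    r"^\s+Forcing Primary Group to '(?P<group>[^']+)' for (?P<account>.+?)\s*$"
)

# Constructed sample input; the "constructed/other.c" entry is not a real file.
SAMPLE_LOG = r"""[2012/07/10 16:20:01.100000, 10] passdb/lookup_sid.c:1759(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for VIRTUAL1\testuser1
[2012/07/10 16:20:01.200000,  5] constructed/other.c:1(other_function)
  unrelated message for VIRTUAL1\testuser2
[2012/07/10 16:21:40.300000, 10] passdb/lookup_sid.c:1759(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for VIRTUAL1\testuser1
 passdb/lookup_sid.c:1759(get_primary_group_sid)
   Forcing Primary Group to 'Domain Users' for VIRTUAL1\testuser3
"""


def find_forced_primary_group(lines):
    """Return (timestamp, group, account) for each forced fallback."""
    hits, header = [], None
    for line in lines:
        m = HEADER.match(line)
        if m:
            header = m  # body lines belong to the most recent header
            continue
        body = FORCED.match(line)
        # Key on the function name: the source line number differs by version.
        if body and header and header.group("func") == "get_primary_group_sid":
            hits.append((header.group("ts"), body["group"], body["account"]))
    return hits


def affected_accounts(hits):
    """Count forced fallbacks per account."""
    return Counter(account for _, _, account in hits)


if __name__ == "__main__":
    found = find_forced_primary_group(SAMPLE_LOG.splitlines())
    for account, n in affected_accounts(found).most_common():
        print(f"{account}: forced to primary group {n} time(s)")
```

Each reported account can then be compared against its actual group membership in the domain.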


