[PATCH] Re: [Samba] can not change mandatory owner to administrators
Andrew Bartlett
abartlet at samba.org
Mon Oct 15 20:17:50 MDT 2012
On Sat, 2012-10-13 at 19:30 +1100, Andrew Bartlett wrote:
> On Sat, 2012-10-13 at 09:58 +0330, Mohammad Ebrahim Abravi wrote:
> > Solved
> >
> > Thanks a lot
>
> Thanks.
>
> The root of the issue is this automatically generated entry in your
> idmap.ldb:
>
> # record 12
> dn: CN=S-1-5-32-544
> cn: S-1-5-32-544
> objectClass: sidMap
> objectSid: S-1-5-32-544
> type: ID_TYPE_GID
> xidNumber: 10
> distinguishedName: CN=S-1-5-32-544
>
>
> What we need to do in your case is to remove that record, so it becomes
> regenerated as an IDMAP_BOTH. We also need to remove the generation of
> that record from provision.
>
> The issue is that as a GID, you of course can't own a file. The ntvfs
> file server papered over this issue (didn't deal with file ownership at
> a unix level), but the smbd file server needs to correctly set posix
> permissions.
>
> I hope this clarifies things. If you can please file a bug, I'll try
> not to forget this.
The attached patch should prevent this for a new provision. Are you
able to test if this fixes things for you (on a new test domain?)
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-provision-No-longer-use-the-wheel-group-in-new-AD-Do.patch
Type: text/x-patch
Size: 7806 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121016/7facf9df/attachment.bin>
More information about the samba-technical
mailing list