[PATCH] Re: [Samba] can not change mandatory owner to administrators

Andrew Bartlett abartlet at samba.org
Tue Oct 16 01:09:31 MDT 2012


On Tue, 2012-10-16 at 13:17 +1100, Andrew Bartlett wrote:
> On Sat, 2012-10-13 at 19:30 +1100, Andrew Bartlett wrote:
> > On Sat, 2012-10-13 at 09:58 +0330, Mohammad Ebrahim Abravi wrote:
> > > Solved
> > > 
> > > Thanks a lot
> > 
> > Thanks.
> > 
> > The root of the issue is this automatically generated entry in your
> > idmap.ldb:
> > 
> > # record 12
> > dn: CN=S-1-5-32-544
> > cn: S-1-5-32-544
> > objectClass: sidMap
> > objectSid: S-1-5-32-544
> > type: ID_TYPE_GID
> > xidNumber: 10
> > distinguishedName: CN=S-1-5-32-544
> > 
> > 
> > What we need to do in your case is to remove that record, so it becomes
> > regenerated as an IDMAP_BOTH.  We also need to remove the generation of
> > that record from provision. 
> > 
> > The issue is that as a GID, you of course can't own a file.  The ntvfs
> > file server papered over this issue (didn't deal with file ownership at
> > a Unix level), but the smbd file server needs to correctly set POSIX
> > permissions.
> > 
> > I hope this clarifies things.  If you can please file a bug, I'll try
> > not to forget this.
> 
> The attached patch should prevent this for a new provision.  Are you
> able to test if this fixes things for you (on a new test domain?)

This updated version uses the primary group of root (or the --root user)
rather than hoping that there will be a group by the same name.

Andrew Bartlett 

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-provision-No-longer-use-the-wheel-group-in-new-AD-Do.patch
Type: text/x-patch
Size: 7748 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121016/238fef8f/attachment.bin>
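
The check described in the thread, as an added example that is not part of the original message or of Samba: it reads an LDIF dump of idmap.ldb (for example ldbsearch output) and lists sidMap records typed ID_TYPE_GID, which per the message cannot own a file. The sample records are constructed, and the `ID_TYPE_BOTH` value in the second record is assumed to be the stored form of what the message calls IDMAP_BOTH.

```python
import base64

# Constructed sample in the LDIF layout quoted in the message.
SAMPLE_LDIF = """\
# record 1
dn: CN=S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_GID
xidNumber: 10

dn: CN=S-1-5-32-545
objectClass: sidMap
objectSid: S-1-5-32-545
type: ID_TYPE_BOTH
xidNumber: 3000001
"""

def parse_ldif(text):
    """Yield each LDIF record as {lowercased attribute: [values]}."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += line[1:]          # folded continuation line
        else:
            unfolded.append(line)
    record = {}
    for line in unfolded + [""]:              # trailing "" flushes the last record
        if not line.strip():
            if record:
                yield record
            record = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            record.setdefault(attr.lower(), []).append(value.strip())

def gid_only_mappings(text):
    """Return [(sid, gid)] for sidMap records typed ID_TYPE_GID."""
    hits = []
    for rec in parse_ldif(text):
        is_sidmap = "sidmap" in (c.lower() for c in rec.get("objectclass", []))
        if is_sidmap and rec.get("type") == ["ID_TYPE_GID"]:
            sid = rec.get("objectsid") or rec.get("cn") or ["?"]
            hits.append((sid[0], int(rec["xidnumber"][0])))
    return hits

if __name__ == "__main__":
    for sid, gid in gid_only_mappings(SAMPLE_LDIF):
        print(f"{sid} maps to gid {gid} only and cannot be a file owner")
```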

