pdb: Default for "is_responsible_for_wellknown"
Uri Simchoni
urisimchoni at gmail.com
Tue Jul 21 07:16:54 UTC 2015
Hi all,
In pdb_interface.c there is the notion of
"is_responsible_for_{our_sam,builtin,wellknown,...}" that controls the
types of SIDs a PDB backend would translate into UNIX ids.
The default for well-known SIDs (e.g. \Everyone, NT
Authority\Authenticated Users) is false, whereas the default for
builtin SIDs (BUILTIN\administrators, ...) is true, and I'm wondering
why this is different. Both types of SIDs, by default, use local group
mapping database to do do a SID->id translation so it should work for
both (IOW, I'm interested in changing the default for well-known to
true as well).
The use case for me for this is to add a certain unix group to running
smbd processes - by group-mapping S-1-1-0 (Everyone) to a unix group.
However this fails because samba wouldn't translate well-known SIDs in
PDB's tdb backend.
Thanks,
Uri.
More information about the samba-technical
mailing list