[PATCH] Support force user when the user's group sid is a wellknown/builtin

Andreas Schneider asn at samba.org
Mon Nov 23 15:28:01 UTC 2015

On Wednesday 18 November 2015 10:20:02 Uri Simchoni wrote:
> Hi,
> This patch provides a more consistent handling of users with a primary
> group that maps to a wellknown SID.
> When considering a local user (more precisely, one whose SamInfo3 is
> constructed locally rather than received from a domain controller), it
> is conceivable that the user's UNIX primary gid is mapped to a
> well-known or builtin SID.
> If such a user logs on, the logon succeeds, and the SamInfo3 that's
> created during the logon has an RID of 513 (domain users). OTOH, if a
> different user logs on and connects to a share with a "force user"
> pointing to that user, the tree-connect fails with a NT_STATUS_INVALID_SID.
> For consistency, this needs fixing and the fix here is for the
> tree-connect to succeed.
> This can be viewed as an extension of
> https://bugzilla.samba.org/show_bug.cgi?id=11044 from supporting
> unix-user SIDs to supporting to well-known SIDs as well.
> Review/push appreciated.

Great work! We really need more tests in this area. We had far too many 

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org

More information about the samba-technical mailing list