ctdb in autobuild broken -- ctdb depends on winbind now????

Rowland Penny repenny241155 at gmail.com
Mon Jan 9 18:55:13 UTC 2017


On Mon, 9 Jan 2017 20:38:25 +0200
Alexander Bokovoy <ab at samba.org> wrote:

> On ma, 09 tammi 2017, Rowland Penny wrote:

> > 
> > if you get a group called 'Administrator from 'getent group
> > Administrator', you are doing something wrong ;-)
> No, you are not. This is called 'user private groups' and is supported
> by other software as well -- FreeIPA defaults to this mode, actually.
> When new user is added, a corresponding group is added as well,
> visible on the nss level as the group with the same name and the same
> gid as user's uid.
> 

I have never received anything back from 'getent group Administrator',
but 'getent passwd Administrator' does return data

root at member1:~# getent group Administrator
root at member1:~# getent passwd Administrator
SAMDOM\administrator:*:0:10000::/home/SAMDOM/administrator:/bin/bash

This could have a lot to do with this in idmap.ldb:

dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
cn: S-1-5-21-1768301897-3342589593-1064908849-500
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
type: ID_TYPE_UID
xidNumber: 0
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-500

The concept of 'user private groups' is alien to AD, you cannot have a
user and a group in AD with the same name.

Nobody has confirmed what 's4member' is, if it is a provisioned member
server, then the easiest way to fix this problem would be to remove the
test.
You only get the '3000000' numbers on a DC or a provisioned member
server and a provisioned member server just doesn't work correctly, so
why test against it, or am I missing something and if so, what ?

Rowland





More information about the samba-technical mailing list