ctdb in autobuild broken -- ctdb depends on winbind now????
Alexander Bokovoy
ab at samba.org
Mon Jan 9 19:21:58 UTC 2017
On ma, 09 tammi 2017, Rowland Penny wrote:
> On Mon, 9 Jan 2017 20:38:25 +0200
> Alexander Bokovoy <ab at samba.org> wrote:
>
> > On ma, 09 tammi 2017, Rowland Penny wrote:
>
> > >
> > > if you get a group called 'Administrator from 'getent group
> > > Administrator', you are doing something wrong ;-)
> > No, you are not. This is called 'user private groups' and is supported
> > by other software as well -- FreeIPA defaults to this mode, actually.
> > When new user is added, a corresponding group is added as well,
> > visible on the nss level as the group with the same name and the same
> > gid as user's uid.
> >
>
> I have never received anything back from 'getent group Administrator',
> but 'getent passwd Administrator' does return data
>
> root at member1:~# getent group Administrator
> root at member1:~# getent passwd Administrator
> SAMDOM\administrator:*:0:10000::/home/SAMDOM/administrator:/bin/bash
>
> This could have a lot to do with this in idmap.ldb:
>
> dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
> cn: S-1-5-21-1768301897-3342589593-1064908849-500
> objectClass: sidMap
> objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
> type: ID_TYPE_UID
> xidNumber: 0
> distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-500
>
> The concept of 'user private groups' is alien to AD, you cannot have a
> user and a group in AD with the same name.
The concept of POSIX groups and users is alien to AD, to be sure.
UPG is conceptually ID_TYPE_BOTH to be able to map SID to both UID and
GID.
> Nobody has confirmed what 's4member' is, if it is a provisioned member
> server, then the easiest way to fix this problem would be to remove the
> test.
> You only get the '3000000' numbers on a DC or a provisioned member
> server and a provisioned member server just doesn't work correctly, so
> why test against it, or am I missing something and if so, what ?
I'd leave this to answer to someone who was involved in creating
s4member concept.
--
/ Alexander Bokovoy
More information about the samba-technical
mailing list