ctdb in autobuild broken -- ctdb depends on winbind now????

Rowland Penny repenny241155 at gmail.com
Mon Jan 9 19:37:40 UTC 2017


On Mon, 9 Jan 2017 21:21:58 +0200
Alexander Bokovoy <ab at samba.org> wrote:

> On Mon, 09 Jan 2017, Rowland Penny wrote:
> > On Mon, 9 Jan 2017 20:38:25 +0200
> > Alexander Bokovoy <ab at samba.org> wrote:
> > 
> > > On Mon, 09 Jan 2017, Rowland Penny wrote:
> > 
> > > > 
> > > > if you get a group called 'Administrator' from 'getent group
> > > > Administrator', you are doing something wrong ;-)
> > > No, you are not. This is called 'user private groups' and is
> > > supported by other software as well -- FreeIPA defaults to this
> > > mode, actually. When a new user is added, a corresponding group is
> > > added as well, visible on the nss level as the group with the
> > > same name and the same gid as user's uid.
> > > 
> > 
> > I have never received anything back from 'getent group
> > Administrator', but 'getent passwd Administrator' does return data
> > 
> > root@member1:~# getent group Administrator
> > root@member1:~# getent passwd Administrator
> > SAMDOM\administrator:*:0:10000::/home/SAMDOM/administrator:/bin/bash
> > 
> > This could have a lot to do with this in idmap.ldb:
> > 
> > dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
> > cn: S-1-5-21-1768301897-3342589593-1064908849-500
> > objectClass: sidMap
> > objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
> > type: ID_TYPE_UID
> > xidNumber: 0
> > distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-500
> > 
> > The concept of 'user private groups' is alien to AD, you cannot
> > have a user and a group in AD with the same name.
> The concept of POSIX groups and users is alien to AD, to be sure.
> UPG is conceptually ID_TYPE_BOTH to be able to map SID to both UID and
> GID.
>  
> > Nobody has confirmed what 's4member' is, if it is a provisioned
> > member server, then the easiest way to fix this problem would be to
> > remove the test.
> > You only get the '3000000' numbers on a DC or a provisioned member
> > server and a provisioned member server just doesn't work correctly,
> > so why test against it, or am I missing something and if so, what?
> I'd leave this for someone who was involved in creating the
> s4member concept to answer.
> 

I have been looking into this and if you look in
samba-master/selftest/target/Samba4.pm , there is a function:

sub provision_s4member($$$$$)

Now my Perl is virtually non-existent, but it uses samba-tool to join
the domain (line 1034):

$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";

So I would say it is provisioning something that just doesn't work
correctly and nobody uses.

Rowland
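
Added example (not part of the original message and not Samba code): a small audit of sidMap records exported from idmap.ldb as LDIF text, showing that an ID_TYPE_UID record maps only into the uid space while ID_TYPE_BOTH covers uid and gid, and flagging any SID whose uid mapping is 0 (root). It assumes plain "key: value" lines; the first sample record is the one quoted above (abridged), the other two are constructed.

```python
import re

# First record is from the message (abridged); the other two are constructed.
SAMPLE_LDIF = """\
dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
type: ID_TYPE_UID
xidNumber: 0

dn: CN=S-1-5-21-1768301897-3342589593-1064908849-1104
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-1104
type: ID_TYPE_BOTH
xidNumber: 3000016

dn: CN=S-1-5-21-1768301897-3342589593-1064908849-513
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-513
type: ID_TYPE_GID
xidNumber: 100
"""

# POSIX id spaces covered by each mapping type.
ID_SPACES = {"ID_TYPE_UID": ("uid",), "ID_TYPE_GID": ("gid",),
             "ID_TYPE_BOTH": ("uid", "gid")}

def parse_sidmaps(ldif_text):
    """Return one attribute dict per sidMap record (blank-line separated)."""
    records = []
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        attrs = {}
        for line in block.splitlines():
            # Skip comment lines and anything that is not "key: value".
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                attrs[key] = value.strip()
        if attrs.get("objectClass") == "sidMap":
            records.append(attrs)
    return records

def audit(ldif_text):
    """Report the id spaces of each SID and flag uid mappings onto root (0)."""
    findings = []
    for rec in parse_sidmaps(ldif_text):
        spaces = ID_SPACES.get(rec.get("type"), ())
        xid = int(rec["xidNumber"])
        findings.append({"sid": rec["objectSid"], "xid": xid, "id_spaces": spaces,
                         "maps_to_root": xid == 0 and "uid" in spaces})
    return findings
```

Calling audit(SAMPLE_LDIF) returns one finding per record; the RID 500 entry has no gid mapping and is the only one flagged as mapping to root.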