[Samba] What is so bad about primaryGroupID=513?
Gerald Carter
jerry at samba.org
Thu Jun 6 20:49:01 GMT 2002
On Mon, 3 Jun 2002, Florian Hars wrote:
> I try to set up Samba 2.2.4 / LDAP as a PDC and it almost works. The
> only thing I don't understand is why a domain user can't have a
> primaryGroupID of 513 (which looks like it should be a safe default).
> But if I set it, login is denied with an error C0000078 on the client,
> and something like
All users have the Domain Users group set automatically
(on a Samba PDC). The domain group support in 2.2.x
is incomplete to put it nicely. :-) I wou;dn't even bother setting
this. Let the posixGroup membership handle it.
A correct solution will be implemented in 3.0
> PS: isn't there a return(True) missing in uid.c/change_to_user:
>
> if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
> (current_user.uid == conn->uid)) {
> DEBUG(4,("change_to_user: Skipping user change - already user\n"));
> return(True);
> } else if ((current_user.conn == conn) &&
> (vuser != 0) && (current_user.vuid == vuid) &&
> (current_user.uid == vuser->uid)) {
> DEBUG(4,("change_to_user: Skipping user change - already user\n"));
> /************** HERE ??? ***************************/
> }
Looks that way. Thanks.
cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--
More information about the samba
mailing list