[Samba] Security = ADS and 3.0.23 Upgrade
Gerald (Jerry) Carter
jerry at samba.org
Wed Jul 19 22:04:31 GMT 2006
(added the list back to CC)
Dale Schroeder wrote:
> I've attached the screenshots, but I think my
> confusion was expecting the pdc to display the FQDN
> from its DNS records for the samba system,
> not the hosts file on the samba system.
I will almost guarantee that you have a
broken /etc/hosts on your Samba box. The machine's
hostname should not be listed in the 127.0.0.1 line.
This will also break Krb5 authentication.
Fix this on the Unix box and rejoin the domain.
Should be fine.
>> This is correct behavior. net groupmap lists local
>> mappings and has nothing to do with domain groups
>> managed by Winbind.
> The reason I questioned this at all is because the
> following is my 'net groupmap list' output on a 3.0.22
> system showing all the standard domain groups listed
> on the pdc:
> System Operators (S-1-5-32-549) -> -1
> Here is the output on the 3.0.23 system:
> Administrators (S-1-5-32-544) -> BUILTIN+administrators
> Users (S-1-5-32-545) -> BUILTIN+users
This is correct output. A -1 gid entry was an indication
of an unmapped SID so we just cleaned them out. The local
Administrators and Users groups are used for authorization
purposes. For example,
$ net sam listmem Administrators
BUILTIN\Administrators has 3 members
Then we can simply check internally for membership
in Administrators to do things like manage services
or grant privileges.
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
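
The hosts-file condition described in the message above, as an added example that is not part of the original post: a shell function that reports lines mapping the machine's own name to a loopback address. It also flags other 127.x addresses and ::1, which goes beyond the 127.0.0.1 line the message names; the function name, host names and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# loopback_name_lines HOSTS_FILE SHORT_NAME [FQDN]
#   Prints "lineno: line" for every hosts entry that binds SHORT_NAME or FQDN
#   to a loopback address. Returns 0 if at least one such line exists,
#   1 if the file is clean.
loopback_name_lines() {
    awk -v short="$2" -v fqdn="${3:-}" '
        BEGIN { short = tolower(short); fqdn = tolower(fqdn); bad = 0 }
        {
            raw = $0
            sub(/#.*/, "")                       # ignore comments
            if (NF < 2) next                     # blank or address-only line
            if ($1 !~ /^127\./ && $1 != "::1") next
            for (i = 2; i <= NF; i++) {          # fields 2..NF are names/aliases
                name = tolower($i)               # host names are case-insensitive
                if (name == short || (fqdn != "" && name == fqdn)) {
                    printf "%d: %s\n", NR, raw
                    bad = 1
                    break
                }
            }
        }
        END { exit !bad }
    ' "$1"
}

# Constructed sample input: a hosts file with the problem the message describes.
demo_hosts=$(mktemp)
cat > "$demo_hosts" <<'EOF'
127.0.0.1   localhost fileserv.example.com fileserv
192.0.2.10  fileserv.example.com fileserv
EOF

if loopback_name_lines "$demo_hosts" fileserv fileserv.example.com; then
    echo "host name is mapped to loopback: fix the hosts file, then rejoin the domain"
else
    echo "no loopback mapping for this host name"
fi
rm -f "$demo_hosts"
```

On a real system the call would be `loopback_name_lines /etc/hosts "$(hostname)"`, with the FQDN passed as the optional third argument.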