[Samba] User Group SID behavior has changed from 21b to 23c

Mario Lipinski mario.lipinski at gymszbad.de
Tue Sep 5 20:17:23 GMT 2006


Hi,

Thanks for the fast reply.

On Tuesday, 05.09.2006, at 14:43 -0500, Gerald (Jerry) Carter wrote:
> The stance now is that the primaryGroupSID attribute
> in the passdb is ignored and the actual value is generated
> on the fly based on the user's real Unix primary group.

So do I get it right that Samba sets the primaryGroupSID to the "Domain
Users" SID if the user's primary Unix group is not mapped to an NT group,
and even if the user is not a member of it?
And only if the user's primary group is mapped is this one assigned to
his Samba account as primaryGroupSID?

So, if I have given the Domain Users rights not to all my users. And I
have a user who is not a member of a mapped group. His primary group RID is
513 and he is allowed to log on to a workstation.

And I have given some special permissions on a folder to the Domain
Users group. Then my user is able to gain the permissions the users of
the Domain Users group have, which he is not intended to have.

I hope it's not really working that way...


Mario
