[Samba] Domain controller in a chroot

Rowland Penny rowlandpenny at googlemail.com
Tue Mar 17 08:41:28 MDT 2015

On 17/03/15 14:06, Sébastien Le Ray wrote:
> Le 17/03/2015 14:45, Rowland Penny a écrit :
>> On 17/03/15 13:29, Sébastien Le Ray wrote:
>>> Le 17/03/2015 14:25, Rowland Penny a écrit :
>>>> Ah, but from my testing, winbindd on 4.2 works very similar to 
>>>> winbind, it still ignores most of the RFC2307 attributes and as I 
>>>> understand it, trusts still do not work.
>>> Mmmm interesting. I've been looking for a while to 4.2 precisely for 
>>> this reason (rfc2307 to get consistent UID on DC) and the commit I 
>>> found was only a special switch passed to winbindd to inform it it 
>>> was running on a DC, so there shouldn't be any difference, this is 
>>> the same daemon. Did you fill a bug/talked to a dev about this?
>> Yes: https://bugzilla.samba.org/show_bug.cgi?id=10886
> Erk… So it seems we've been the only two people on Earth expecting 
> improvements on DC + RFC2307 with 4.2…

It would seem that the main problem is 'Administrators' has to own files 
in sysvol, hence 'ID_TYPE_BOTH'. From my testing (for what it is worth), 
it doesn't seem to matter who owns the files in sysvol, 'Administrator' 
or 'Administrators', access to sysvol seems to be based on the ACEs, so, 
if 'Administrator' was used instead of 'Administrators', 'ID_TYPE_BOTH' 
could be given the order of the boot and then a user would only be a 
user, and a group would only be a group.

Mind you, this is only my perception of the problem and it is probably a 
bit more complex than this.


More information about the samba mailing list