[Samba] workaround needed for Security Principals, and SID's mapping bug.
L.P.H. van Belle
belle at bazuin.nl
Thu Dec 1 12:35:48 UTC 2016
Hai Rowland,
This happens when im creating a "Scheduled task" ,
this task needs NT AUTHORITY\System but you need to select the account,
when you select the account a sid/rid mapping is done and this fails.
Resulting in the windows event id and error code.
While searching for that i found that i cant type the username.
You must select it.
To reproduce.
Create a GPO :
Computer Configuration> Preferences> Control Panel Settings> Scheduled Tasks. Right click in the blank pane and select New> Scheduled Task (Windows Vista and later).
Tab General, klik on Change user or Group.
Now go through step 1-5.
I found some related bug to NT Authority\system mis match.
https://bugzilla.samba.org/show_bug.cgi?id=11677
https://bugzilla.samba.org/show_bug.cgi?id=11997
all are : sid s-1-5-18 SID: S-1-5-19 related.
There are more.
I went through.
https://technet.microsoft.com/en-us/library/dn617202(v=ws.11).aspx
https://technet.microsoft.com/en-us/library/dn579255(v=ws.11).aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx
And i also did see that a patch was done, but i cant find/see
if this is the correct fix. ( found here : https://attachments.samba.org/attachment.cgi?id=11781
I was waiting for 4.5.2 to update my environment and hoping this is fixed.
It is still expected at 7 dec.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via
> samba
> Verzonden: donderdag 1 december 2016 12:05
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
> SID's mapping bug.
>
> On Thu, 1 Dec 2016 11:10:04 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> > Hai,
> >
> >
> >
> > Does anyone know if this Security Principals, and SID's mapping bug
> > is resolved or if there is any patch.
> >
> > Rowland? Achim? Any samba dev?
> >
> >
> >
> > I really need it.
> >
> >
> >
> > Im at samba 4.4.5
> >
> > I cant find if its fixed in 4.4.7 or 4.5.1
> >
> >
> >
> > To check if you affected with this, follow these steps.
> >
> >
> >
> > 1. Under "When running the task, use the
> > following user account:", click "Change User or Group..."
> >
> > 2. Click "Locations"
> >
> > 3. Expand the [domain FQDN] and select the
> > "Builtin" container, then click OK
> >
> > 4. In the box labelled "Enter the object name
> > to select:" type "system", then click OK
> >
> > 5. You should see "NT AUTHORITY\System" in the
> > box
> >
> >
> >
> > If you affected with this bug, you wil see : DOMAIN\system
> >
> > And not NT AUTHORITY\System or buildin\system
> >
> >
> >
> > Due to the fact that i cant type the username, i need a solution.
> >
> > Typing the username wil result in :
> >
> > Windows (7) event id 4098 error code 0x80041316
> >
> >
> >
> > I need a way so step 1-5 does result in : NT AUTHORITY\System
> >
> >
> >
> >
> >
> > Greetz,
> >
> >
> >
> > Louis
> >
>
> For the stupid amongst us i.e. me ;-)
>
> What bug are you referring to ?
> What are the steps before '1.' ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list