[Samba] workaround needed for Security Principals, and SID's mapping bug.

Achim Gottinger achim at ag-web.biz
Fri Dec 2 00:47:07 UTC 2016



On 01.12.2016 at 13:35, L.P.H. van Belle via samba wrote:
> Hai Rowland,
>
> This happens when I'm creating a "Scheduled task".
> This task needs NT AUTHORITY\System, but you need to select the account;
> when you select the account a SID/RID mapping is done and this fails,
> resulting in the Windows event ID and error code.
> While searching for that I found that I can't type the username.
> You must select it.
>
> To reproduce.
>
> Create a GPO :
> Computer Configuration> Preferences> Control Panel Settings> Scheduled Tasks. Right click in the blank pane and select New> Scheduled Task (Windows Vista and later).
>
> On the General tab, click on Change User or Group.
> Now go through steps 1-5.
>
> I found some related bugs about the NT Authority\system mismatch.
> https://bugzilla.samba.org/show_bug.cgi?id=11677
> https://bugzilla.samba.org/show_bug.cgi?id=11997
> All are related to SID S-1-5-18 and SID S-1-5-19.
> There are more.
>
> I went through:
> https://technet.microsoft.com/en-us/library/dn617202(v=ws.11).aspx
> https://technet.microsoft.com/en-us/library/dn579255(v=ws.11).aspx
> https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx
>
> And I also saw that a patch was done, but I can't find/see
> if this is the correct fix (found here: https://attachments.samba.org/attachment.cgi?id=11781).
>
> I was waiting for 4.5.2 to update my environment and hoping this is fixed.
> It is still expected on 7 Dec.
>
>
> Greetz,
>
> Louis
>
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny via
>> samba
>> Sent: Thursday 1 December 2016 12:05
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] workaround needed for Security Principals, and
>> SID's mapping bug.
>>
>> On Thu, 1 Dec 2016 11:10:04 +0100
>> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>>
>>> Hai,
>>>
>>> Does anyone know if this Security Principals, and SID's mapping bug
>>> is resolved or if there is any patch.
>>>
>>> Rowland? Achim? Any samba dev?
>>>
>>> I really need it.
>>>
>>> I'm at samba 4.4.5
>>>
>>> I can't find if it's fixed in 4.4.7 or 4.5.1
>>>
>>> To check if you are affected by this, follow these steps.
>>>
>>> 1. Under "When running the task, use the following user account:",
>>>    click "Change User or Group..."
>>> 2. Click "Locations"
>>> 3. Expand the [domain FQDN] and select the "Builtin" container,
>>>    then click OK
>>> 4. In the box labelled "Enter the object name to select:" type
>>>    "system", then click OK
>>> 5. You should see "NT AUTHORITY\System" in the box
>>>
>>> If you are affected by this bug, you will see: DOMAIN\system
>>>
>>> And not NT AUTHORITY\System or builtin\system
>>>
>>> Due to the fact that I can't type the username, I need a solution.
>>>
>>> Typing the username will result in:
>>>
>>> Windows (7)  event id 4098  error code  0x80041316
>>>
>>> I need a way so that steps 1-5 do result in: NT AUTHORITY\System
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>> For the stupid amongst us i.e. me ;-)
>>
>> What bug are you referring to ?
>> What are the steps before '1.' ?
>>
>> Rowland
>>

Hello Louis,

I'd check the mappings for the SIDs in idmap.ldb: Are you sure you hit
a mapping issue here? These only occur once you hit the filesystem on
the Linux side.

achim~
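
The check suggested in the reply above, sketched as an added example (not code from the thread or from the Samba project): it reads an LDIF dump of idmap.ldb and reports whether the SIDs named in the thread have a mapping and whether any xidNumber is shared by more than one SID. The record layout (`cn`, `objectSid`, `type`, `xidNumber`, plus a `CN=CONFIG` allocator record) and the function names `parse_idmap` and `check` are assumptions; the sample values are constructed.

```python
from collections import defaultdict

# Constructed sample in the shape `ldbsearch -H <path to idmap.ldb>` prints
# (assumed record layout; the values are made up, not taken from the thread).
SAMPLE_LDIF = """\
# record 1
dn: CN=CONFIG
cn: CONFIG
lowerBound: 3000000
upperBound: 4000000
xidNumber: 3000003

# record 2
dn: CN=S-1-5-18
cn: S-1-5-18
objectSid: S-1-5-18
type: ID_TYPE_BOTH
xidNumber: 3000002

# record 3
dn: CN=S-1-5-21-1000-2000-3000-1105
cn: S-1-5-21-1000-2000-3000-1105
objectSid: S-1-5-21-1000-2000-3000-1105
type: ID_TYPE_UID
xidNumber: 3000002
"""

def parse_idmap(ldif):
    """Return {sid: (type, xid)}; the CN=CONFIG allocator record is skipped."""
    mappings = {}
    for block in ldif.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                key, value = line.split(": ", 1)
                attrs[key] = value.strip()
        sid = attrs.get("cn", "")
        if sid.startswith("S-1-") and "xidNumber" in attrs:
            mappings[sid] = (attrs.get("type", "?"), int(attrs["xidNumber"]))
    return mappings

def check(ldif, wanted=("S-1-5-18", "S-1-5-19")):
    """Return (mappings, wanted SIDs with no record, xids shared by >1 SID)."""
    mappings = parse_idmap(ldif)
    missing = [sid for sid in wanted if sid not in mappings]
    by_xid = defaultdict(list)
    for sid, (_kind, xid) in mappings.items():
        by_xid[xid].append(sid)
    shared = {x: sorted(s) for x, s in by_xid.items() if len(s) > 1}
    return mappings, missing, shared

if __name__ == "__main__":
    print(check(SAMPLE_LDIF))
```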



