[Samba] workaround needed for Security Principals, and SID's mapping bug.

L.P.H. van Belle belle at bazuin.nl
Fri Dec 2 08:44:50 UTC 2016


Hai, 

Yes im more then 100% sure. 

https://bugzilla.samba.org/show_bug.cgi?id=11677 is related 
https://bugzilla.samba.org/show_bug.cgi?id=11997 is related 
Which is your bug report ;-) 

https://bugzilla.samba.org/show_bug.cgi?id=12284 maybe related. 
https://bugzilla.samba.org/show_bug.cgi?id=12155 maybe related 

https://bugzilla.samba.org/show_bug.cgi?id=12164 confirms this bug. 

Im setting up and 4.5.1 for jessie now and check again.
But i dont beleave is fully fixed yet. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim Gottinger
> via samba
> Verzonden: vrijdag 2 december 2016 1:47
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
> SID's mapping bug.
> 
> 
> 
> Am 01.12.2016 um 13:35 schrieb L.P.H. van Belle via samba:
> > Hai Rowland,
> >
> > This happens when im creating a "Scheduled task" ,
> > this task needs NT AUTHORITY\System but you need to select the account,
> > when you select the account a sid/rid mapping is done and this fails.
> > Resulting in the windows event id and error code.
> > While searching for that i found that i cant type the username.
> > You must select it.
> >
> > To reproduce.
> >
> > Create a GPO :
> > Computer Configuration> Preferences> Control Panel Settings> Scheduled
> Tasks. Right click in the blank pane and select New> Scheduled Task
> (Windows Vista and later).
> >
> > Tab General, klik on Change user or Group.
> > Now go through step 1-5.
> >
> > I found some related bug to NT Authority\system mis match.
> > https://bugzilla.samba.org/show_bug.cgi?id=11677
> > https://bugzilla.samba.org/show_bug.cgi?id=11997
> > all are : sid s-1-5-18 SID: S-1-5-19 related.
> > There are more.
> >
> > I went through.
> > https://technet.microsoft.com/en-us/library/dn617202(v=ws.11).aspx
> > https://technet.microsoft.com/en-us/library/dn579255(v=ws.11).aspx
> > https://msdn.microsoft.com/en-
> us/library/windows/desktop/aa379649(v=vs.85).aspx
> >
> > And i also did see that a patch was done, but i cant find/see
> > if this is the correct fix.  ( found here :
> https://attachments.samba.org/attachment.cgi?id=11781
> >
> > I was waiting for 4.5.2 to update my environment and hoping this is
> fixed.
> > It is still expected at 7 dec.
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
> via
> >> samba
> >> Verzonden: donderdag 1 december 2016 12:05
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
> >> SID's mapping bug.
> >>
> >> On Thu, 1 Dec 2016 11:10:04 +0100
> >> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> >>
> >>> Hai,
> >>>
> >>>
> >>>
> >>> Does anyone know if this Security Principals, and SID's mapping bug
> >>> is resolved or if there is any patch.
> >>>
> >>> Rowland? Achim? Any samba dev?
> >>>
> >>>
> >>>
> >>> I really need it.
> >>>
> >>>
> >>>
> >>> Im at samba 4.4.5
> >>>
> >>> I cant find if its fixed in 4.4.7 or 4.5.1
> >>>
> >>>
> >>>
> >>> To check if you affected with this, follow these steps.
> >>>
> >>>
> >>>
> >>> 1.                       Under "When running the task, use the
> >>> following user account:", click "Change User or Group..."
> >>>
> >>> 2.                       Click "Locations"
> >>>
> >>> 3.                       Expand the [domain FQDN] and select the
> >>> "Builtin" container, then click OK
> >>>
> >>> 4.                       In the box labelled "Enter the object name
> >>> to select:" type "system", then click OK
> >>>
> >>> 5.                       You should see "NT AUTHORITY\System" in the
> >>> box
> >>>
> >>>
> >>>
> >>> If you affected with this bug, you wil see :  DOMAIN\system
> >>>
> >>> And not NT AUTHORITY\System or buildin\system
> >>>
> >>>
> >>>
> >>> Due to the fact that i cant type the username, i need a solution.
> >>>
> >>> Typing the username wil result in :
> >>>
> >>> Windows (7)  event id 4098  error code  0x80041316
> >>>
> >>>
> >>>
> >>> I need a way so step 1-5 does result in : NT AUTHORITY\System
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Greetz,
> >>>
> >>>
> >>>
> >>> Louis
> >>>
> >> For the stupid amongst us i.e. me ;-)
> >>
> >> What bug are you referring to ?
> >> What are the steps before '1.' ?
> >>
> >> Rowland
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> 
> Hello Louis,
> 
> I'd check the mappings for the SID's in idmap.ldb: Are you sure you hit
> an mapping issue here? These only occure once you hit the filesystem on
> the linux side.
> 
> achim~
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba




More information about the samba mailing list