[Samba] workaround needed for Security Principals, and SID's mapping bug.

L.P.H. van Belle belle at bazuin.nl
Fri Dec 2 10:35:49 UTC 2016 

Editing the xml..  results in same error. ( which is logical ) 

The exact event from windows. 

Eventlog info: 
Source	: Group Policy Scheduled Tasks. 
ID		: 4098
USER		: SYSTEM

Error code : Group Policy object did not apply because it failed with error code '0x80070534 No mapping between account names and security IDs was done.' This error was suppressed. 

So I'll wait until this bug is fixed. 

I tried to read the code but thats way more difficult then what i can program. :-(( 

I'll put this on hold for now, and do it the ugly way, 
bit anoying for my users but its what it is. 

Thanks for all the support.

Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle
> via samba
> Verzonden: vrijdag 2 december 2016 11:01
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
> SID's mapping bug.
> 
> > Have you tried editing the runAs tag in the corresponding xml file
> > SchedTask.xml or similar in the sysvol policy folder?
> Hmm, no, not yet, i'll go test now.
> I'll report later the result.
> 
> And yes, i can create a local also, that how i detected the sid/rid/id
> mapping problems.
> But i cant go create 100 task localy, thats why i have GPO.
> 
> Greet,
> 
> Louis
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim Gottinger
> > via samba
> > Verzonden: vrijdag 2 december 2016 10:54
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] workaround needed for Security Principals, and
> > SID's mapping bug.
> >
> >
> >
> > Am 02.12.2016 um 09:34 schrieb L.P.H. van Belle via samba:
> > > Exact, and at this point, im at also.
> > >
> > > Here, typing the username results in the windows event and errors out.
> > > Did a lot of research and im 100% this is and missing mapping.
> > > Typing does not works, i dont know if this is a windows thing or a
> samba
> > thing. But i found several reports where in a windows 7+ with Server
> 2008
> > also errors if you type the username.
> > >
> > > And thanks you for having a look..
> > > you too Rowland.
> > >
> > > Which version samba are you gues running atm?
> > >
> > >
> > >
> > >
> > >
> > >> -----Oorspronkelijk bericht-----
> > >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim
> > Gottinger
> > >> via samba
> > >> Verzonden: vrijdag 2 december 2016 3:05
> > >> Aan: samba at lists.samba.org
> > >> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
> > >> SID's mapping bug.
> > >>
> > >>
> > >>
> > >> Am 02.12.2016 um 02:08 schrieb Achim Gottinger via samba:
> > >>>
> > >>> Am 02.12.2016 um 01:47 schrieb Achim Gottinger via samba:
> > >>>>
> > >>>> Am 01.12.2016 um 13:35 schrieb L.P.H. van Belle via samba:
> > >>>>> Hai Rowland,
> > >>>>>
> > >>>>> This happens when im creating a "Scheduled task" ,
> > >>>>> this task needs NT AUTHORITY\System but you need to select the
> > >> account,
> > >>>>> when you select the account a sid/rid mapping is done and this
> > fails.
> > >>>>> Resulting in the windows event id and error code.
> > >>>>> While searching for that i found that i cant type the username.
> > >>>>> You must select it.
> > >>>>>
> > >>>>> To
> > >>> Tried this and it behaves the same way here. The builtin\SYSTEM
> > >>> account shows up as DOMAINNAME\SYSTEM.
> > >>>
> > >>> But to run as the lokal SYSTEM account I think you must pick the
> > >>> Server as search base and then choose the system account. Here this
> > >>> leads to an fault and exit of the gpo manangement editor.
> > >>>
> > >> Here i can typ in the username. If that does not work for you you can
> > >> edit the SchedTask.xml (or similar) file in the gpo folder direct.
> > >>
> > >> --
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions:  https://lists.samba.org/mailman/options/samba
> > >
> > I tested against a server running debian wheezy with sernet's samba
> > package version 4.2.
> > Using Windows 7 as an client I can edit the username field.
> > Have you tried editing the runAs tag in the corresponding xml file
> > SchedTask.xml or similar in the sysvol policy folder?
> > On a sidenote if i create an task direct (not via gpo) i can select
> > local system account and the builtin\system account. Both show up as
> > nt-authority\system (localized).
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list