[Samba] workaround needed for Security Principals, and SID's mapping bug.
Achim Gottinger
achim at ag-web.biz
Fri Dec 2 14:36:16 UTC 2016
Am 02.12.2016 um 11:35 schrieb L.P.H. van Belle via samba:
> Editing the xml.. results in same error. ( which is logical )
>
> The exact event from windows.
>
> Eventlog info:
> Source : Group Policy Scheduled Tasks.
> ID : 4098
> USER : SYSTEM
>
> Error code : Group Policy object did not apply because it failed with error code '0x80070534 No mapping between account names and security IDs was done.' This error was suppressed.
>
> So I'll wait until this bug is fixed.
>
> I tried to read the code but thats way more difficult then what i can program. :-((
>
> I'll put this on hold for now, and do it the ugly way,
> bit anoying for my users but its what it is.
>
> Thanks for all the support.
>
> Greetz,
>
> Louis
>
>
What did you use as runAs?
Found this similar issue
http://www.rozmazat.cz/articles/2015/05/07/no-mapping-between-account-names-and-security-ids-was-done.html
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle
>> via samba
>> Verzonden: vrijdag 2 december 2016 11:01
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
>> SID's mapping bug.
>>
>>> Have you tried editing the runAs tag in the corresponding xml file
>>> SchedTask.xml or similar in the sysvol policy folder?
>> Hmm, no, not yet, i'll go test now.
>> I'll report later the result.
>>
>> And yes, i can create a local also, that how i detected the sid/rid/id
>> mapping problems.
>> But i cant go create 100 task localy, thats why i have GPO.
>>
>> Greet,
>>
>> Louis
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim Gottinger
>>> via samba
>>> Verzonden: vrijdag 2 december 2016 10:54
>>> Aan: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
>>> SID's mapping bug.
>>>
>>>
>>>
>>> Am 02.12.2016 um 09:34 schrieb L.P.H. van Belle via samba:
>>>> Exact, and at this point, im at also.
>>>>
>>>> Here, typing the username results in the windows event and errors out.
>>>> Did a lot of research and im 100% this is and missing mapping.
>>>> Typing does not works, i dont know if this is a windows thing or a
>> samba
>>> thing. But i found several reports where in a windows 7+ with Server
>> 2008
>>> also errors if you type the username.
>>>> And thanks you for having a look..
>>>> you too Rowland.
>>>>
>>>> Which version samba are you gues running atm?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> -----Oorspronkelijk bericht-----
>>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim
>>> Gottinger
>>>>> via samba
>>>>> Verzonden: vrijdag 2 december 2016 3:05
>>>>> Aan: samba at lists.samba.org
>>>>> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
>>>>> SID's mapping bug.
>>>>>
>>>>>
>>>>>
>>>>> Am 02.12.2016 um 02:08 schrieb Achim Gottinger via samba:
>>>>>> Am 02.12.2016 um 01:47 schrieb Achim Gottinger via samba:
>>>>>>> Am 01.12.2016 um 13:35 schrieb L.P.H. van Belle via samba:
>>>>>>>> Hai Rowland,
>>>>>>>>
>>>>>>>> This happens when im creating a "Scheduled task" ,
>>>>>>>> this task needs NT AUTHORITY\System but you need to select the
>>>>> account,
>>>>>>>> when you select the account a sid/rid mapping is done and this
>>> fails.
>>>>>>>> Resulting in the windows event id and error code.
>>>>>>>> While searching for that i found that i cant type the username.
>>>>>>>> You must select it.
>>>>>>>>
>>>>>>>> To
>>>>>> Tried this and it behaves the same way here. The builtin\SYSTEM
>>>>>> account shows up as DOMAINNAME\SYSTEM.
>>>>>>
>>>>>> But to run as the lokal SYSTEM account I think you must pick the
>>>>>> Server as search base and then choose the system account. Here this
>>>>>> leads to an fault and exit of the gpo manangement editor.
>>>>>>
>>>>> Here i can typ in the username. If that does not work for you you can
>>>>> edit the SchedTask.xml (or similar) file in the gpo folder direct.
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>> I tested against a server running debian wheezy with sernet's samba
>>> package version 4.2.
>>> Using Windows 7 as an client I can edit the username field.
>>> Have you tried editing the runAs tag in the corresponding xml file
>>> SchedTask.xml or similar in the sysvol policy folder?
>>> On a sidenote if i create an task direct (not via gpo) i can select
>>> local system account and the builtin\system account. Both show up as
>>> nt-authority\system (localized).
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list