[Samba] workaround needed for Security Principals, and SID's mapping bug.

Fri Dec 2 16:10:06 UTC 2016

No, i believe that guy is wrong.

MS-DTYP 
https://msdn.microsoft.com/en-us/library/cc980032.aspx 

NT AUTHORITY\SYSTEM S-1-5-18
NT AUTHORITY\authenticated users S-1-5-11 
Etc etc. 

Monday i'll have a look again. 

Have a nice weeken everybody. 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim Gottinger
> via samba
> Verzonden: vrijdag 2 december 2016 15:42
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
> SID's mapping bug.
> 
> Another page with your issue:
> http://trentent.blogspot.de/2014/10/group-policy-preferences-scheduled-
> task.html
> This seems to be an windows bug.
> 
> Am 02.12.2016 um 11:35 schrieb L.P.H. van Belle via samba:
> > Editing the xml..  results in same error. ( which is logical )
> >
> > The exact event from windows.
> >
> > Eventlog info:
> > Source	: Group Policy Scheduled Tasks.
> > ID		: 4098
> > USER		: SYSTEM
> >
> > Error code : Group Policy object did not apply because it failed with
> error code '0x80070534 No mapping between account names and security IDs
> was done.' This error was suppressed.
> >
> > So I'll wait until this bug is fixed.
> >
> > I tried to read the code but thats way more difficult then what i can
> program. :-((
> >
> > I'll put this on hold for now, and do it the ugly way,
> > bit anoying for my users but its what it is.
> >
> > Thanks for all the support.
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van
> Belle
> >> via samba
> >> Verzonden: vrijdag 2 december 2016 11:01
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
> >> SID's mapping bug.
> >>
> >>> Have you tried editing the runAs tag in the corresponding xml file
> >>> SchedTask.xml or similar in the sysvol policy folder?
> >> Hmm, no, not yet, i'll go test now.
> >> I'll report later the result.
> >>
> >> And yes, i can create a local also, that how i detected the sid/rid/id
> >> mapping problems.
> >> But i cant go create 100 task localy, thats why i have GPO.
> >>
> >> Greet,
> >>
> >> Louis
> >>
> >>> -----Oorspronkelijk bericht-----
> >>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim
> Gottinger
> >>> via samba
> >>> Verzonden: vrijdag 2 december 2016 10:54
> >>> Aan: samba at lists.samba.org
> >>> Onderwerp: Re: [Samba] workaround needed for Security Principals, and
> >>> SID's mapping bug.
> >>>
> >>>
> >>>
> >>> Am 02.12.2016 um 09:34 schrieb L.P.H. van Belle via samba:
> >>>> Exact, and at this point, im at also.
> >>>>
> >>>> Here, typing the username results in the windows event and errors
> out.
> >>>> Did a lot of research and im 100% this is and missing mapping.
> >>>> Typing does not works, i dont know if this is a windows thing or a
> >> samba
> >>> thing. But i found several reports where in a windows 7+ with Server
> >> 2008
> >>> also errors if you type the username.
> >>>> And thanks you for having a look..
> >>>> you too Rowland.
> >>>>
> >>>> Which version samba are you gues running atm?
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>> -----Oorspronkelijk bericht-----
> >>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim
> >>> Gottinger
> >>>>> via samba
> >>>>> Verzonden: vrijdag 2 december 2016 3:05
> >>>>> Aan: samba at lists.samba.org
> >>>>> Onderwerp: Re: [Samba] workaround needed for Security Principals,
> and
> >>>>> SID's mapping bug.
> >>>>>
> >>>>>
> >>>>>
> >>>>> Am 02.12.2016 um 02:08 schrieb Achim Gottinger via samba:
> >>>>>> Am 02.12.2016 um 01:47 schrieb Achim Gottinger via samba:
> >>>>>>> Am 01.12.2016 um 13:35 schrieb L.P.H. van Belle via samba:
> >>>>>>>> Hai Rowland,
> >>>>>>>>
> >>>>>>>> This happens when im creating a "Scheduled task" ,
> >>>>>>>> this task needs NT AUTHORITY\System but you need to select the
> >>>>> account,
> >>>>>>>> when you select the account a sid/rid mapping is done and this
> >>> fails.
> >>>>>>>> Resulting in the windows event id and error code.
> >>>>>>>> While searching for that i found that i cant type the username.
> >>>>>>>> You must select it.
> >>>>>>>>
> >>>>>>>> To
> >>>>>> Tried this and it behaves the same way here. The builtin\SYSTEM
> >>>>>> account shows up as DOMAINNAME\SYSTEM.
> >>>>>>
> >>>>>> But to run as the lokal SYSTEM account I think you must pick the
> >>>>>> Server as search base and then choose the system account. Here this
> >>>>>> leads to an fault and exit of the gpo manangement editor.
> >>>>>>
> >>>>> Here i can typ in the username. If that does not work for you you
> can
> >>>>> edit the SchedTask.xml (or similar) file in the gpo folder direct.
> >>>>>
> >>>>> --
> >>>>> To unsubscribe from this list go to the following URL and read the
> >>>>> instructions:  https://lists.samba.org/mailman/options/samba
> >>> I tested against a server running debian wheezy with sernet's samba
> >>> package version 4.2.
> >>> Using Windows 7 as an client I can edit the username field.
> >>> Have you tried editing the runAs tag in the corresponding xml file
> >>> SchedTask.xml or similar in the sysvol policy folder?
> >>> On a sidenote if i create an task direct (not via gpo) i can select
> >>> local system account and the builtin\system account. Both show up as
> >>> nt-authority\system (localized).
> >>>
> >>>
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba