[Samba] Can one set the owner of a folder to BUILTIN\Administrators?

Ian samba at zestysoft.com
Wed Feb 17 00:03:30 UTC 2016

I've recently attempted to migrate some windows server files over to
samba 4 hosted on a FreeNAS server.

Using robocopy with the /copyall switch, I expected everything,
including ACL's and ownership information to transfer over.  For the
most part they have.  The one problem I've ran into however, is that I'm
getting errors any time I or robocopy attempt to change the ownership to

I've brought this up with the FreeNAS community, but so far it's unclear
if this is by design, there is a configuration issue somewhere, or
there's a bug. 

When I attempt to change ownership to Builtin\Administrators, I get an
error that I don't have the Restore Privilege required, or if I have
inheritance enabled when changing ownership, "This security ID may not
be assigned as the owner of this object."

As mentioned in that thread I linked to (lots more details there), I
verified that I do have the Restore Privilege right.  I also verified
that I can assign any other owner successfully -- it's just
Builtin\Administrators that's giving me trouble.

After turning up the logging in the samba configuration file and
restarting the service, this was the output when I attempted to change

[2016/02/16 15:33:02.077685,  3]
  check_reduced_name [CoreLib] [/mnt/trunk/MM/deploy]
[2016/02/16 15:33:02.077890,  3]
  check_reduced_name: CoreLib reduced to /mnt/trunk/MM/deploy/CoreLib
[2016/02/16 15:33:02.078111,  3] ../source3/smbd/dosmode.c:163(unix_mode)
  unix_mode(CoreLib) returning 0666
[2016/02/16 15:33:02.080039,  3]
  unpack_nt_owners: unable to validate owner sid for S-1-5-32-544
[2016/02/16 15:33:04.251911,  3] ../source3/smbd/service.c:1130(close_cnum) (ipv4: closed connection to service IPC$

Googling for "unable to validate owner sid for S-1-5-32-544" brings up a
thread a decade old: 

There was some discussion about sid/gid conflicts and ACLs with some
futher discussion about fixing it.   Since there's so little found when
Googling, I have to believe that this has been fixed since I would
expect there to be a lot more complaints from people like myself who are
migrating files from windows to samba.

Any feedback is welcome, even if the advice is to change ownership to
something other than builtin\Administrators because that's broken.  :)

More information about the samba mailing list