[Samba] Security Principals, and SID's mapping bug
L.P.H. van Belle
belle at bazuin.nl
Wed Jan 25 11:03:57 UTC 2017
Cool, thanks, that was my next question.
I go test that now, report back in few mins, if it works that would really help me out here.
And when you look here :
look at the example sid S-1-5-32-544
This SID has four components:
• A revision level (1)
• An identifier authority value (5, NT Authority)
• A domain identifier (32, Builtin)
• A relative identifier (544, Administrators)
And here you have the " NT Authority" and "Builtin" in one line.
> -----Oorspronkelijk bericht-----
> Van: Rowland Penny [mailto:rpenny at samba.org]
> Verzonden: woensdag 25 januari 2017 11:53
> Aan: L.P.H. van Belle
> Onderwerp: Re: [Samba] Security Principals, and SID's mapping bug
> On Tue, 24 Jan 2017 15:02:14 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> > wbinfo -s S-1-5-18
> > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup sid S-1-5-18
> Hi Louis, I got the same result on a Unix domain member, but after a
> bit of thinking and testing, I now get:
> root at devstation:~# wbinfo --sid-to-name=S-1-5-18
> NT AUTHORITY\SYSTEM 5
> How did I do this ?
> Easy, first create a system group on the Unix machine:
> root at devstation:~# addgroup --system system
> Adding group `system' (GID 125) ...
> Then add a line to the user map:
> !system = SYSTEM system
> Restart Samba
> Now I don't know if this will work with your GPOs, but it is worth
> trying (you may have to alter the Unix 'system' groups permissions)
More information about the samba