[Samba] Security Principals, and SID's mapping bug
L.P.H. van Belle
belle at bazuin.nl
Wed Jan 25 11:03:57 UTC 2017
Cool, thanks, that was my next question.
I go test that now, report back in few mins, if it works that would really help me out here.
And when you look here :
https://technet.microsoft.com/en-us/library/cc778824(v=ws.10).aspx
look at the example sid S-1-5-32-544
This SID has four components:
• A revision level (1)
• An identifier authority value (5, NT Authority)
• A domain identifier (32, Builtin)
• A relative identifier (544, Administrators)
And here you have the " NT Authority" and "Builtin" in one line.
;-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Rowland Penny [mailto:rpenny at samba.org]
> Verzonden: woensdag 25 januari 2017 11:53
> Aan: L.P.H. van Belle
> Onderwerp: Re: [Samba] Security Principals, and SID's mapping bug
>
> On Tue, 24 Jan 2017 15:02:14 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
>
> >
> > wbinfo -s S-1-5-18
> > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup sid S-1-5-18
> >
>
> Hi Louis, I got the same result on a Unix domain member, but after a
> bit of thinking and testing, I now get:
>
> root at devstation:~# wbinfo --sid-to-name=S-1-5-18
> NT AUTHORITY\SYSTEM 5
>
> How did I do this ?
>
> Easy, first create a system group on the Unix machine:
>
> root at devstation:~# addgroup --system system
> Adding group `system' (GID 125) ...
> Done.
>
> Then add a line to the user map:
>
> !system = SYSTEM system
>
> Restart Samba
>
> Now I don't know if this will work with your GPOs, but it is worth
> trying (you may have to alter the Unix 'system' groups permissions)
>
> Rowland
More information about the samba
mailing list