[Samba] Security Principals, and SID's mapping bug
L.P.H. van Belle
belle at bazuin.nl
Wed Jan 25 12:45:40 UTC 2017
Steps to reproduce.
Try this:
1.Viewing/Edit a GPO,
go to Computer Configuration > Control Panel Settings > Scheduled Tasks.
2.Right-click in the window and choose
New > Scheduled Task (At least Windows 7).
3.On the General tab:
a.Set the name to TestSchedule.
b.Run the task as NT AUTHORITY\System. Check Run with highest privileges.
c.Click OK.
3b, try, klik change user/group.
Next window, type : system, klik ok.
It changes to NTDOM\system which should be BUILTIN\SYSTEM
3b, again, change user/group,
Next window, type : Server Operators, and klik ok.
That reports correcty : BUILTIN\Server Operators
All other values dont matter.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle
> via samba
> Verzonden: woensdag 25 januari 2017 13:30
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Security Principals, and SID's mapping bug
>
> Did looked up some old threads.
>
> it started here :
> Nov 2013 https://lists.samba.org/archive/samba/2013-November/177110.html
>
> Then https://lists.samba.org/archive/samba/2014-June/182429.html
> On this link, test there shows on the DC..
>
> root at DC2:~# wbinfo -G 3000002
> S-1-5-18
> root at DC2:~# wbinfo -s S-1-5-18
> NT AUTHORITY+SYSTEM 5
> root at DC2:~#
> so it was working in 2014. that was samba 4.1.x or begin of 4.2.x
>
> again
> https://lists.samba.org/archive/samba/2015-November/195637.html
> and there are more.
>
> If we can track this bug down, it will make lots of people happy.
> So anything i can do to helpout.
>
>
> Greetz,
>
> Louis
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van
> Belle
> > via samba
> > Verzonden: woensdag 25 januari 2017 13:01
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Security Principals, and SID's mapping bug
> >
> > Yeah, i noticed, tried also adding user and group..
> > For the domain member, its not a problem.
> >
> > I have a workaround now for my PC which have joined my domain, so i can
> go
> > ahead with what im testing.
> >
> > Thanks for haveing a look into it.
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: Rowland Penny [mailto:rpenny at samba.org]
> > > Verzonden: woensdag 25 januari 2017 12:41
> > > Aan: L.P.H. van Belle
> > > Onderwerp: Re: [Samba] Security Principals, and SID's mapping bug
> > >
> > > On Wed, 25 Jan 2017 12:25:45 +0100
> > > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> > >
> > > > Are you sure that was the only change? :-/
> > > >
> > > > Tried it out, but
> > > > wbinfo --lookup-sids=S-1-5-18
> > > > wbcLookupSids failed: WBC_ERR_INVALID_SID
> > > > Could not lookup SIDs S-1-5-18
> > > >
> > > > Does this possible has anything todo with AD/RID setups?
> > > > Im on a AD setup.
> > > >
> > > > Selecting the users SYSTEM though search still resolve back to
> > > > NTDOM\System
> > > >
> > > > :-)
> > > > Well.. lunch first.
> > > >
> > > > Greetz,
> > > >
> > >
> > > I tested on a Unix domain member and it worked, just tried it on DC
> and
> > > it doesn't, back to thinking ;-)
> > >
> > > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list