[Samba] Security Principals, and SID's mapping bug
mathias dufresne
infractory at gmail.com
Wed Jan 25 13:46:48 UTC 2017
I do believe the right way to spell it is NT Authority\System.
BUILTIN\System and NTDOM\System are either aliases for NT Authority\System
or just bad way to display that SID's name.
Sorry, I have nothing relevant and clear enough to make that affirmation
more convincible...
2017-01-25 13:45 GMT+01:00 L.P.H. van Belle via samba <samba at lists.samba.org
>:
> Steps to reproduce.
>
> Try this:
>
> 1.Viewing/Edit a GPO,
> go to Computer Configuration > Control Panel Settings > Scheduled Tasks.
> 2.Right-click in the window and choose
> New > Scheduled Task (At least Windows 7).
> 3.On the General tab:
> a.Set the name to TestSchedule.
> b.Run the task as NT AUTHORITY\System. Check Run with highest privileges.
> c.Click OK.
>
> 3b, try, klik change user/group.
> Next window, type : system, klik ok.
> It changes to NTDOM\system which should be BUILTIN\SYSTEM
>
> 3b, again, change user/group,
> Next window, type : Server Operators, and klik ok.
> That reports correcty : BUILTIN\Server Operators
>
> All other values dont matter.
>
>
> Greetz,
>
> Louis
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van
> Belle
> > via samba
> > Verzonden: woensdag 25 januari 2017 13:30
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Security Principals, and SID's mapping bug
> >
> > Did looked up some old threads.
> >
> > it started here :
> > Nov 2013 https://lists.samba.org/archive/samba/2013-November/177110.html
> >
> > Then https://lists.samba.org/archive/samba/2014-June/182429.html
> > On this link, test there shows on the DC..
> >
> > root at DC2:~# wbinfo -G 3000002
> > S-1-5-18
> > root at DC2:~# wbinfo -s S-1-5-18
> > NT AUTHORITY+SYSTEM 5
> > root at DC2:~#
> > so it was working in 2014. that was samba 4.1.x or begin of 4.2.x
> >
> > again
> > https://lists.samba.org/archive/samba/2015-November/195637.html
> > and there are more.
> >
> > If we can track this bug down, it will make lots of people happy.
> > So anything i can do to helpout.
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van
> > Belle
> > > via samba
> > > Verzonden: woensdag 25 januari 2017 13:01
> > > Aan: samba at lists.samba.org
> > > Onderwerp: Re: [Samba] Security Principals, and SID's mapping bug
> > >
> > > Yeah, i noticed, tried also adding user and group..
> > > For the domain member, its not a problem.
> > >
> > > I have a workaround now for my PC which have joined my domain, so i can
> > go
> > > ahead with what im testing.
> > >
> > > Thanks for haveing a look into it.
> > >
> > >
> > > Greetz,
> > >
> > > Louis
> > >
> > >
> > >
> > > > -----Oorspronkelijk bericht-----
> > > > Van: Rowland Penny [mailto:rpenny at samba.org]
> > > > Verzonden: woensdag 25 januari 2017 12:41
> > > > Aan: L.P.H. van Belle
> > > > Onderwerp: Re: [Samba] Security Principals, and SID's mapping bug
> > > >
> > > > On Wed, 25 Jan 2017 12:25:45 +0100
> > > > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> > > >
> > > > > Are you sure that was the only change? :-/
> > > > >
> > > > > Tried it out, but
> > > > > wbinfo --lookup-sids=S-1-5-18
> > > > > wbcLookupSids failed: WBC_ERR_INVALID_SID
> > > > > Could not lookup SIDs S-1-5-18
> > > > >
> > > > > Does this possible has anything todo with AD/RID setups?
> > > > > Im on a AD setup.
> > > > >
> > > > > Selecting the users SYSTEM though search still resolve back to
> > > > > NTDOM\System
> > > > >
> > > > > :-)
> > > > > Well.. lunch first.
> > > > >
> > > > > Greetz,
> > > > >
> > > >
> > > > I tested on a Unix domain member and it worked, just tried it on DC
> > and
> > > > it doesn't, back to thinking ;-)
> > > >
> > > > Rowland
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list