[Samba] Erro sysvolcheck/sysvolreset
Rowland Penny
rpenny at samba.org
Fri Jun 16 17:17:53 UTC 2017
On Fri, 16 Jun 2017 13:58:20 -0300
"Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:
> :-|
>
> ls -lnd /opt/samba/var/locks/sysvol
> drwxrwx---+ 3 0 3000000 4096 Jun 16 13:56 /opt/samba/var/locks/sysvol
>
>
I have this sinking feeling that you have given your AD users and
groups from the 'Well Known SIDs' a uidNumber or gidNumber attribute, I
cannot think of any other way that 'Builtin\administrators' could have
the ID number '4096'.
'root' shouldn't have the ID '3000000' either.
On a DC, 'Administrator' should be mapped to 'root' inside idmap.ldb:
dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
cn: S-1-5-21-1768301897-3342589593-1064908849-500
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
type: ID_TYPE_UID
xidNumber: 0
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-500
BUILTIN\Administrators gets their ID in the same place:
dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000
distinguishedName: CN=S-1-5-32-544
and as you can see 'Administrator' is a User, but
'BUILTIN\Administrator' is both a user and a group, if you give the
group a gidNumber, it just becomes a group.
Rowland
More information about the samba
mailing list