[Samba] Erro sysvolcheck/sysvolreset

Rowland Penny rpenny at samba.org
Fri Jun 16 17:17:53 UTC 2017


On Fri, 16 Jun 2017 13:58:20 -0300
"Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:

> :-|
> 
> ls -lnd /opt/samba/var/locks/sysvol
> drwxrwx---+ 3 0 3000000 4096 Jun 16 13:56 /opt/samba/var/locks/sysvol
> 
> 

I have this sinking feeling that you have given your AD users and
groups from the 'Well Known SIDs' a uidNumber or gidNumber attribute, I
cannot think of any other way that 'Builtin\administrators' could have
the ID number '4096'.

'root' shouldn't have the ID '3000000' either.

On a DC, 'Administrator' should be mapped to 'root' inside idmap.ldb:

dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
cn: S-1-5-21-1768301897-3342589593-1064908849-500
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
type: ID_TYPE_UID
xidNumber: 0
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-500

BUILTIN\Administrators gets their ID in the same place:

dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000
distinguishedName: CN=S-1-5-32-544

and as you can see 'Administrator' is a User, but
'BUILTIN\Administrator' is both a user and a group, if you give the
group a gidNumber, it just becomes a group.

Rowland



More information about the samba mailing list