[Samba] Erro sysvolcheck/sysvolreset

Bjoern Trimborn samba at bjoern-trimborn.de
Fri Jun 16 17:43:44 UTC 2017 

Am 16.06.2017 um 19:17 schrieb Rowland Penny via samba:
> On Fri, 16 Jun 2017 13:58:20 -0300
> "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:
> 
>> :-|
>>
>> ls -lnd /opt/samba/var/locks/sysvol
>> drwxrwx---+ 3 0 3000000 4096 Jun 16 13:56 /opt/samba/var/locks/sysvol
>>
>>
> 
> I have this sinking feeling that you have given your AD users and
> groups from the 'Well Known SIDs' a uidNumber or gidNumber attribute, I
> cannot think of any other way that 'Builtin\administrators' could have
> the ID number '4096'.
> 
> 'root' shouldn't have the ID '3000000' either.
> 
> On a DC, 'Administrator' should be mapped to 'root' inside idmap.ldb:
> 
> dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
> cn: S-1-5-21-1768301897-3342589593-1064908849-500
> objectClass: sidMap
> objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
> type: ID_TYPE_UID
> xidNumber: 0
> distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-500
> 
> BUILTIN\Administrators gets their ID in the same place:
> 
> dn: CN=S-1-5-32-544
> cn: S-1-5-32-544
> objectClass: sidMap
> objectSid: S-1-5-32-544
> type: ID_TYPE_BOTH
> xidNumber: 3000000
> distinguishedName: CN=S-1-5-32-544
> 
> and as you can see 'Administrator' is a User, but
> 'BUILTIN\Administrator' is both a user and a group, if you give the
> group a gidNumber, it just becomes a group.
> 
> Rowland
> 
/me pokes Rowland
'4096' is the block size.. :)

---

This is how it looks on my productive systems:

root at ad1:~$ ls -dn /var/lib/samba/sysvol
drwxrwx---+ 3 0 3000000 4096 Jun 16 18:46 /var/lib/samba/sysvol

root at ad1:~$ getfacl /var/lib/samba/sysvol
getfacl: Entferne führende '/' von absoluten Pfadnamen
# file: var/lib/samba/sysvol
# owner: root
# group: BUILTIN\134administrators
user::rwx
user:root:rwx
user:3000000:rwx
group::rwx
group:BUILTIN\134administrators:rwx
group:BUILTIN\134server\040operators:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:group::---
default:group:BUILTIN\134administrators:rwx
default:group:BUILTIN\134server\040operators:r-x
default:group:3000002:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::---

Bjoern

More information about the samba mailing list