[Samba] convert from synology

Peter Carlson peter at howudodat.com
Fri Oct 7 13:45:38 UTC 2022


Here is that entry: it in fact has an invalid xidNumber.

# record 69
dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_GID
xidNumber: 3208642592
distinguishedName: CN=S-1-5-32-544

The other entries appear to be ok.  Would it help for me to send the 
whole file?

# record 70
dn: CN=S-1-5-21-185628584-2620904409-2800336372-1115
cn: S-1-5-21-185628584-2620904409-2800336372-1115
objectClass: sidMap
objectSid: S-1-5-21-185628584-2620904409-2800336372-1115
type: ID_TYPE_UID
xidNumber: 3030385755
distinguishedName: CN=S-1-5-21-185628584-2620904409-2800336372-1115

Why might this one entry be off?  In fact looking into all of the 
entries, all of my xids are in the 10 digit range and not 7 digit range 
3#########

peter

On 10/7/22 00:52, Rowland Penny via samba wrote:
>
>
> On 07/10/2022 07:39, Andrew Bartlett via samba wrote:
>> As I said look into why that gid value might be wrong, by examining
>> your idmap.ldb for example.
>
>
> I think what Andrew is trying to say is that the gid may be incorrect.
>
> The line that is causing the error is this:
>
> smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
>
> if you look at the code for that line, you will find this above it:
>
> :param gid: The GID of the "Domain adminstrators" group
>
> Which, now I think about it, is also a bug, there isn't a 'Domain 
> administrators' group, but there is a domain 'Administrators' group.
>
> so if you look in idmap.ldb , you should find this:
>
> dn: CN=S-1-5-32-544
> cn: S-1-5-32-544
> objectClass: sidMap
> objectSid: S-1-5-32-544
> type: ID_TYPE_BOTH
> xidNumber: 3000002
> distinguishedName: CN=S-1-5-32-544
>
> S-1-5-32-544 is the SID the domain 'Administrators' group and, from 
> the example above (taken from my DC), the 'gid' is '3000002'. Yours 
> may be slightly different, but it should be in the '3000000' range.
>
> Rowland
>
>
>



More information about the samba mailing list