[Samba] convert from synology
Peter Carlson
peter at howudodat.com
Fri Oct 7 13:45:38 UTC 2022
Here is that entry: it in fact has an invalid xidNumber.
# record 69
dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_GID
xidNumber: 3208642592
distinguishedName: CN=S-1-5-32-544
The other entries appear to be ok. Would it help for me to send the
whole file?
# record 70
dn: CN=S-1-5-21-185628584-2620904409-2800336372-1115
cn: S-1-5-21-185628584-2620904409-2800336372-1115
objectClass: sidMap
objectSid: S-1-5-21-185628584-2620904409-2800336372-1115
type: ID_TYPE_UID
xidNumber: 3030385755
distinguishedName: CN=S-1-5-21-185628584-2620904409-2800336372-1115
Why might this one entry be off? In fact looking into all of the
entries, all of my xids are in the 10 digit range and not 7 digit range
3#########
peter
On 10/7/22 00:52, Rowland Penny via samba wrote:
>
>
> On 07/10/2022 07:39, Andrew Bartlett via samba wrote:
>> As I said look into why that gid value might be wrong, by examining
>> your idmap.ldb for example.
>
>
> I think what Andrew is trying to say is that the gid may be incorrect.
>
> The line that is causing the error is this:
>
> smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
>
> if you look at the code for that line, you will find this above it:
>
> :param gid: The GID of the "Domain adminstrators" group
>
> Which, now I think about it, is also a bug, there isn't a 'Domain
> administrators' group, but there is a domain 'Administrators' group.
>
> so if you look in idmap.ldb , you should find this:
>
> dn: CN=S-1-5-32-544
> cn: S-1-5-32-544
> objectClass: sidMap
> objectSid: S-1-5-32-544
> type: ID_TYPE_BOTH
> xidNumber: 3000002
> distinguishedName: CN=S-1-5-32-544
>
> S-1-5-32-544 is the SID the domain 'Administrators' group and, from
> the example above (taken from my DC), the 'gid' is '3000002'. Yours
> may be slightly different, but it should be in the '3000000' range.
>
> Rowland
>
>
>
More information about the samba
mailing list