[Samba] access "claim types"

Rowland Penny rpenny at samba.org
Mon Feb 13 11:14:11 UTC 2023



On 13/02/2023 10:54, Stefan G. Weichinger via samba wrote:
> Am 10.02.23 um 11:26 schrieb Rowland Penny via samba:
> 
>> Hmm, so there is a DC that is having some DNS problems and the Windows 
>> admin isn't bothered that this 'may' be replicating to his other DCs 
>> ????
> 
> seems so
> 
> I don't know if he would take that one DC down if I recommend that to him
> 
>> Yes, good to keep up to date, but like you, I don't think updating 
>> will fix this problem.
>>
>> If you actually have files that are owned by 
>> 'Administrator:SOME_GROUP' on Linux, then I would suggest you look 
>> at them using 'ls' with the '-n' switch. I think you will find that 
>> they are not owned by '0:SOME_GROUP_IDNUMBER'
> 
> Will look closer this week again.
> 
> If I check this on one test-share with basically nothing in it:
> 
> # ls -n
> insgesamt 24
> drwxrwxr-x+ 4 0 10512 4096  9. Dez 20:43 Test1
> drwxrwxr-x+ 2 0 10512 4096  9. Dez 20:41 test2
> drwxrwxr-x+ 2 0 10512 4096  9. Dez 20:41 test3
> 
> gid 10512 should be "domain admins" or in this case German 
> "domänen-admins" with an ugly char for the "umlaut"
> 


Are you sure that 'Administrator' owns that directory ?
'0' is the Unix ID for root.

If I create a directory and then change the ownership to Administrator, 
I get this:

rowland@devstation:~$ mkdir testdir
rowland@devstation:~$ sudo chown Administrator testdir
rowland@devstation:~$ ls -ld testdir
drwxrwx---+ 2 administrator domain users 4096 Feb 13 11:00 testdir

If I then use the '-n' switch to 'ls', I get this:

rowland@devstation:~$ ls -nd testdir
drwxrwx---+ 2 10500 10513 4096 Feb 13 11:00 testdir

Which clearly shows that the numeric ID for Administrator is '10500' and 
makes 'Administrator' into just another Unix user.

What could be happening here is that you are seeing Administrator owning 
the share on a Windows machine and the user.map is mapping Administrator 
to root on the Unix machine, which is to be expected.

Rowland
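
The numeric check discussed above, as an added example that is not part of the original post: it reads 'ls -n' output and labels each entry by its numeric owner, so that uid 0 (root) is not mistaken for the domain Administrator (10500 in the listing above). The listing lines are copied from the thread; IDMAP_LOW (10000), the function names and the verdict labels are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: label entries of `ls -n` output by numeric owner.
# IDMAP_LOW is an assumption: the lowest ID handed out for domain users/groups here.
IDMAP_LOW=${IDMAP_LOW:-10000}

# Listing lines copied from the thread (quote markers removed).
sample_listing() {
    cat <<'EOF'
insgesamt 24
drwxrwxr-x+ 4 0 10512 4096  9. Dez 20:43 Test1
drwxrwxr-x+ 2 0 10512 4096  9. Dez 20:41 test2
drwxrwxr-x+ 2 0 10512 4096  9. Dez 20:41 test3
drwxrwx---+ 2 10500 10513 4096 Feb 13 11:00 testdir
EOF
}

# Reads `ls -n` output on stdin; prints "<name> <uid> <gid> <verdict>" per entry.
classify_owners() {
    awk -v low="$IDMAP_LOW" '
        # Skip summary lines ("total", "insgesamt") and anything without numeric IDs.
        NF < 9 || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { next }
        {
            uid = $3 + 0; gid = $4 + 0; name = $NF   # names with spaces not handled
            if (uid == 0 && gid >= low + 0) v = "root-with-domain-group"
            else if (uid == 0)              v = "root"
            else if (uid >= low + 0)        v = "domain-user"
            else                            v = "local-user"
            print name, uid, gid, v
        }'
}

sample_listing | classify_owners
```

An entry labelled root-with-domain-group is owned by Unix root while its group comes from the domain range, which is the case the reply attributes to user.map mapping Administrator to root.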


