[Samba] Synology shares not accessible...

Rowland Penny rpenny at samba.org
Thu Jul 6 12:39:57 UTC 2023 


On 06/07/2023 13:20, Ingo Asche via samba wrote:
> Rowland Penny via samba schrieb am 06.07.2023 um 11:36:
>>
>> On 06/07/2023 09:39, Ingo Asche via samba wrote:
>>> I found something out about this SID which - according to Synology - 
>>> is creating the problem.
>>>
>>> Rowland may remember that he said it is not in this patch I was 
>>> requested to install.
>>
>> What I actually said was this:
>>
>> Just one other thought, You are having problems with the SID S-1-18-1
>> and the patch on that bug report does not mention that SID, so even if
>> you do manage to patch something, it isn't likely to help you.
>>
> You're right, I shortened it to much, sorry for that...
>>
>> Which was wrong, but only because when I look closer i.e. pay more 
>> attention, there are two patches and neither of them mention 'S-1-18'
>>
>>>
>>> The SID is S-1-18-1 and according to Microsoft this Well-Known SID 
>>> don't exists in Windows AD 2008R2 and below.
>>> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab?redirectedfrom=MSDN
>>> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/11e1608c-6169-4fbc-9c33-373fc9b224f4#Appendix_A_37
>>>
>>> And as Samba is at the moment at Functional Level 2008R2 it is 
>>> correct that this one is not found. 
>>
>> I would agree with you, Samba is still at function level 2008R2, even 
>> using the 4.18.x releases, so 4.15.x (which I think synology is based 
>> on) is definitely function level 2008R2. This means, by my 
>> understanding, Samba shouldn't know anything about 'S-1-18' SIDs and 
>> by basing on an old Samba version, neither should synology.
>>
>>
>>> I asked Synology which Windows AD version they support.
>>>
>>> I don't got an answer until now. But if they claim supporting 2008R2, 
>>> the question would be, why then is this causing a problem? ;-)
>>>
>>
>> Because they are doing their own thing ????
> This was more a rhetorical question... :-)

That's why you got a rhetorical answer :-)

>> A quick google turned this up:
>>
>> https://www.synology.com/en-eu/dsm/7.2/software_spec/synology_directory_server
>>
>> DSM 7.2 appears to be the latest version and has Domain functional 
>> level equivalent to 200R2, but appears to based on Samba 4.10.x
> This document seems not quite actual, because they are now on 
> 4.15.13(-0615), but I think this will make no difference.

Being based on 4.10.x or 4.15.x will not make a difference, they are 
both, like all versions of Samba 4.x.x (so far), based on the functional 
level 2008R2

> 
> By the way Directory Server and SMB-Service are two different packages 
> on their system.

Well yes, but all the documentation I can find for a synology NAS says 
it is based on DSM.

I cannot really say much more about synology, I do not own one, I have 
never owned one and after this debacle, I am highly unlikely to ever buy 
one, why would I shoot myself in the foot (note, these are my opinions 
and yours may differ).

Rowland

More information about the samba mailing list