Samba 3.0.22a (with backports from up to 3.0.25) on HP-UX 11iv3 (HP CIFS Server), "security=ADS" to W2003R2 domain, winbind running with "idmap backend = rid:", and "root = DOMAIN+Administrator" in username.map.

From Administrator on a domain Vista client, using Explore to map a share and then set an ACL from Properties/Security/Permissions, I choose a Windows group from the list to add to the directory ACL. The winbind GID is 12011. The correct groupname is displayed in the Explorer window, but when doing a getacl from Unix, the GID is 100, or sys - the Administrator home group.

So I went to /var/opt/samba/locks and deleted all of the cache files and restarted - same result.

If I set the directory to a different owner, and add the same GID with a different client user, then the correct winbind GID is added to the ACL.

Any idea why Administrator=root maps the sys GID to a winbind group name? Log entry and smb.conf below. Thanks,

Eric Roseme

[2008/05/14 09:57:02, 10] passdb/passdb.c:local_sid_to_gid(1318)
  local_sid_to_gid: Fall back to algorithmic mapping
[2008/05/14 09:57:02, 10] passdb/passdb.c:local_sid_to_gid(1325)
local_sid_to_gid: mapping: S-1-5-21-463747597-202940698-2940076759-1201 -> 100
[2008/05/14 09:57:02, 10] passdb/lookup_sid.c:sid_to_gid(1245)
  sid_to_gid: S-1-5-21-463747597-202940698-2940076759-1201 -> 100
[2008/05/14 09:57:02, 10] smbd/posix_acls.c:create_canon_ace_lists(1453)
  create_canon_ace_lists: adding dir ACL:
canon_ace index 0. Type = allow SID = S-1-5-21-463747597-202940698-2940076759-1201 gid 100 (100) SMB_ACL_GROUP perms r-x
[2008/05/14 09:57:02, 10] smbd/posix_acls.c:create_canon_ace_lists(1511)
  create_canon_ace_lists: adding file ACL:
canon_ace index 0. Type = allow SID = S-1-5-21-463747597-202940698-2940076759-1201 gid 100 (100) SMB_ACL_GROUP perms r-x




# Samba config file created using SWAT
# from 16.93.45.222 (16.93.45.222)
# Date: 2006/04/28 10:10:56

# Global parameters
[global]
        workgroup = SNSLATC
        realm = SNSLATC.HP.COM
        server string = Samba Server
        interfaces = xx.xxx.xxx.xx
        bind interfaces only = Yes
        netbios name = SERVER14   
        security = ADS             
        client schannel = No
        server schannel = No
        password server = SNSLATC-DC.SNSLATC.HP.COM
        log level = 10
        log file = /var/opt/samba/log.%m
        username map = /etc/opt/samba/username.map
        max log size = 1000
        machine password timeout = 300
        local master = No
        wins server = xx.xxx.xxx.xx
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        idmap backend = rid:SNSLATC=10000-20000
        template homedir = /home/%U
        template shell = /usr/bin/sh
        winbind separator = +
        winbind use default domain = yes
        allow trusted domains = no
        winbind enum users = yes
        winbind enum groups = yes
        read only = No
        short preserve case = No
        dos filetime resolution = Yes
#        use kerberos keytab = yes

[homes]
        comment = Home Directories
        valid users = %S
        browseable = No

[tmp]
        comment = Temporary file space
        path = /tmp

[sbx_interface]
      path = /home/sbx_interface
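
A log check for the symptom described above, as an added example that is not part of the original post and is not Samba code: it flags every sid_to_gid result whose GID falls outside the "idmap gid" range in smb.conf and records whether the algorithmic fallback preceded it. The function names are hypothetical; the sample input is constructed from the log lines and config line quoted in the post.

```python
import re

# Constructed sample: level-10 log lines and the config line quoted in the post.
SAMPLE_LOG = """\
[2008/05/14 09:57:02, 10] passdb/passdb.c:local_sid_to_gid(1318)
  local_sid_to_gid: Fall back to algorithmic mapping
[2008/05/14 09:57:02, 10] passdb/passdb.c:local_sid_to_gid(1325)
local_sid_to_gid: mapping: S-1-5-21-463747597-202940698-2940076759-1201 -> 100
[2008/05/14 09:57:02, 10] passdb/lookup_sid.c:sid_to_gid(1245)
  sid_to_gid: S-1-5-21-463747597-202940698-2940076759-1201 -> 100
"""
SAMPLE_CONF = "        idmap gid = 10000-20000\n"

# "[timestamp, level] file.c:function(line)" header that precedes each message.
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*\d+\]\s+\S+:\w+\(\d+\)")
# Final result line only; the "local_sid_to_gid: mapping:" line does not match.
RESULT = re.compile(r"^\s*sid_to_gid:\s+(?P<sid>S-[\d-]+)\s+->\s+(?P<gid>\d+)")

def idmap_gid_range(conf_text):
    """Return (low, high) from the 'idmap gid = low-high' line of smb.conf."""
    m = re.search(r"^\s*idmap gid\s*=\s*(\d+)\s*-\s*(\d+)", conf_text, re.M)
    if not m:
        raise ValueError("no 'idmap gid' range found in config text")
    return int(m.group(1)), int(m.group(2))

def find_suspect_mappings(log_text, gid_range):
    """List SIDs that resolved to a GID outside the configured idmap range."""
    low, high = gid_range
    findings, fallback, ts = [], False, None
    for line in log_text.splitlines():
        h = HEADER.match(line)
        if h:
            ts = h.group("ts")
            continue
        if "Fall back to algorithmic mapping" in line:
            fallback = True
            continue
        r = RESULT.match(line)
        if not r:
            continue
        gid = int(r.group("gid"))
        if not low <= gid <= high:
            findings.append({"time": ts, "sid": r.group("sid"),
                             "gid": gid, "algorithmic_fallback": fallback})
        fallback = False  # the fallback marker applies to one lookup only
    return findings

if __name__ == "__main__":
    for f in find_suspect_mappings(SAMPLE_LOG, idmap_gid_range(SAMPLE_CONF)):
        print(f)
```
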
