Web lists-archives.com

Re: [Samba] MMC issue




On Wed, 6 Dec 2017 10:40:14 +0100
Christian Naumer via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Am 06.12.2017 um 10:14 schrieb Rowland Penny via samba:
> > On Tue, 5 Dec 2017 15:39:25 -0700 (MST)
> > Mariusz80 via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > 
> >> Well permisions are working fine but, if i create for example "new
> >> folder" then the owner is root and what about the main problem with
> >> mmc.
> >>
> > 
> > New files/directories will be created with 'root' as the owner
> > because 'Administrator' is mapped to 'root'.
> > 
> > If I run mmc.dsc on the win7 PC and connect to the share, everything
> > works for me.
> I actually have the same problem. The Security tab works as expected.
> Only "Sessions" and "Open Files" do not work. On an DM but work on a
> DC.
> 
> This is with the idamp AD backend not rid and Administrator does not
> have an uid assigned.
> 
> In the logs I see this:
> 
> 
> Successful AuthZ: [srvsvc,ncacn_np] user [BRAIN-02]\[Administrator]
> [S-1-22-1-0] at [Mi, 06 Dez 2017 10:00:22.032080 CET] Remote host
> [ipv4:x.x.x.x:35170] local host [NULL]
> Dec  6 10:00:22 lx-sv-03 smbd_audit: [2017/12/06 10:00:22.035679,  1]
> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1468(_srvsvc_NetSessEnum)
> Dec  6 10:00:22 lx-sv-03 smbd_audit:  Enumerating sessions only
> allowed for administrators
> 
> 
> Samba Version is 4.7.3 on the DM
> 
> wbinfo --sid-to-name=S-1-22-1-0
> 
> Unix User\root 1
> 
> getent passwd Administrator
> 
> returns nothing
> 
> wbinfo --uid-to-sid=0
> S-1-22-1-0

I get:

failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert uid 0 to sid

> 
> wbinfo -i Administrator
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user Administrator
> 
> 
> On the DC Samba version is 4.6.11
> 
> wbinfo --sid-to-name=S-1-22-1-0
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-22-1-0
> 
> getent passwd Administrator
> 
> returns nothing

I get:

SAMDOM\administrator:*:0:10000::/home/SAMDOM/administrator:/bin/bash

I have libnss_winbind set up on the DC, do you ?

My only thought at this time is, do you have a user in AD called
'root' ?

Rowland





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba