Web lists-archives.com

Re: [Samba] syscolcheck error / Could not convert sid S-1-5-32-544 to uid

Hi Rowland

On 25 May 2018 at 16:09, Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>

> The problem with sysvolcheck & sysvolreset is they have never used the
> Owner, group and ACLs that windows uses. Having said that, as long as
> no BULTIN or DOMAIN user or group (except Domain Users) has a uidNumber
> or gidNumber AND you haven't added any extra GPOs, it will work, you
> just have to ignore that error message.
> When you add ANY extra GPOs, then never ever use sysvolcheck or
> sysvolreset. You should also never give Domain Admins a gidNumber
> attribute, this turns the windows group into a Unix group. You are now
> probably thinking 'what?', a group is just a group, right ? Well, no,
> a Windows group can do something that no Unix group can, it can own
> files and directories and guess what needs to own files and directories
> in sysvol ??

Thank you for the clear summary here, that really explains the issues.

I've spotted a section on the wiki that now appears out of date -
contradicts what I believe is more current advice e.g. from Louis, to use
the Windows tools instead

Is there an 'owner' for any of this info on the wiki, or should I just go
ahead and edit? (in this instance, perhaps remove that FAQ entry as it is
misleading now?)



"If we knew what it was we were doing, it would not be called research,
would it?"
      - Albert Einstein
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba