Web lists-archives.com

Re: [Samba] syscolcheck error / Could not convert sid S-1-5-32-544 to uid




Hi Rowland

On 25 May 2018 at 16:09, Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
wrote:

>
> The problem with sysvolcheck & sysvolreset is they have never used the
> Owner, group and ACLs that windows uses. Having said that, as long as
> no BULTIN or DOMAIN user or group (except Domain Users) has a uidNumber
> or gidNumber AND you haven't added any extra GPOs, it will work, you
> just have to ignore that error message.
> When you add ANY extra GPOs, then never ever use sysvolcheck or
> sysvolreset. You should also never give Domain Admins a gidNumber
> attribute, this turns the windows group into a Unix group. You are now
> probably thinking 'what?', a group is just a group, right ? Well, no,
> a Windows group can do something that no Unix group can, it can own
> files and directories and guess what needs to own files and directories
> in sysvol ??


Thank you for the clear summary here, that really explains the issues.

I've spotted a section on the wiki that now appears out of date -
https://wiki.samba.org/index.php/FAQ#What_Does_The_permissions_for_this_GPO_in_the_SYSVOL_folder_are_inconsistent_with_those_in_Active_Directory_Mean.3F
contradicts what I believe is more current advice e.g. from Louis, to use
the Windows tools instead

Is there an 'owner' for any of this info on the wiki, or should I just go
ahead and edit? (in this instance, perhaps remove that FAQ entry as it is
misleading now?)

Cheers

Jonathan

-- 
"If we knew what it was we were doing, it would not be called research,
would it?"
      - Albert Einstein
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba