
Re: [Samba] syscolcheck error / Could not convert sid S-1-5-32-544 to uid




On Fri, 25 May 2018 17:16:09 +0100
Jonathan Hunter via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi Rowland
> 
> On 25 May 2018 at 16:09, Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> 
> >
> > The problem with sysvolcheck & sysvolreset is they have never used
> > the Owner, group and ACLs that Windows uses. Having said that, as
> > long as no BUILTIN or DOMAIN user or group (except Domain Users) has
> > a uidNumber or gidNumber AND you haven't added any extra GPOs, it
> > will work, you just have to ignore that error message.
> > When you add ANY extra GPOs, then never ever use sysvolcheck or
> > sysvolreset. You should also never give Domain Admins a gidNumber
> > attribute, this turns the Windows group into a Unix group. You are
> > now probably thinking 'what?', a group is just a group, right ?
> > Well, no, a Windows group can do something that no Unix group can,
> > it can own files and directories and guess what needs to own files
> > and directories in sysvol ??
> 
> 
> Thank you for the clear summary here, that really explains the issues.
> 
> I've spotted a section on the wiki that now appears out of date -
> https://wiki.samba.org/index.php/FAQ#What_Does_The_permissions_for_this_GPO_in_the_SYSVOL_folder_are_inconsistent_with_those_in_Active_Directory_Mean.3F
> contradicts what I believe is more current advice e.g. from Louis, to
> use the Windows tools instead
> 
> Is there an 'owner' for any of this info on the wiki, or should I
> just go ahead and edit? (in this instance, perhaps remove that FAQ
> entry as it is misleading now?)
> 
> Cheers
> 
> Jonathan
> 

Provided you have registered, anybody can edit the wiki and in fact
edits (as long as they are accurate) are very welcome.

Rowland

