On 14-03-2023 at 11:05, Rowland Penny via samba wrote:
>
> On 14/03/2023 09:38, Christian Naumer via samba wrote:
>> On 14.03.23 at 10:31, Kees van Vloten via samba wrote:
>>> I guess the uid is required because a GPO is a file (and something
>>> in LDAP). The file is retrieved from the sysvol share and in order
>>> to deal with file permissions on Linux you get identified on the
>>> filesystem itself with a uid (and gid). In this case it is the
>>> computer-account that retrieves the file, at least that is my
>>> assumption?
>>
>>
>> That is correct. However, GPOs are normally on a DC and there a
>> computer has a uid (or xid or whatever it is called). That is why a DC
>> does this differently.
>>
>>
>> Regards
>>
>> Christian
>>
>>
>
> From my testing, this is correct, until you try to use a SID with
> getent and then nothing is returned and then you get the error message:
>
> add_local_groups: SID S-1-5-21-2112549936-2540803609-4198596461-1600
> -> getpwuid(3000148) failed, is nsswitch configured?
>
> I get the feeling that if the SID could be changed for the computer
> name or Unix ID, it would work.
>
> Rowland
>
I use rfc2307 and I remember I had to assign uid/gid to computer objects
at one point to get rid of different but also similar kind of errors
(check ml 14-04-2022), these were the messages:
smbd[15370]: [2022/04/14 14:32:56.556685,  0]
../../source3/auth/auth_util.c:1928(check_account)
smbd[15370]:   check_account: Failed to convert SID
S-1-5-21-3042323961-424325435-1432587418-1234 to a UID
(dom_user[SAMDOM\computer01$])