On 06/07/2023 09:39, Ingo Asche via samba wrote:> I found something out about this SID which - according to Synology - is
> creating the problem.
>
> Rowland may remember that he said it is not in this patch I was
> requested to install.
What I actually said was this:
Just one other thought, You are having problems with the SID S-1-18-1
and the patch on that bug report does not mention that SID, so even if
you do manage to patch something, it isn't likely to help you.
Which was wrong, but only because when I look closer i.e. pay more
attention, there are two patches and neither of them mention 'S-1-18'
>
> The SID is S-1-18-1 and according to Microsoft this Well-Known SID
don't
> exists in Windows AD 2008R2 and below.
>
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab?redirectedfrom=MSDN
>
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/11e1608c-6169-4fbc-9c33-373fc9b224f4#Appendix_A_37
>
> And as Samba is at the moment at Functional Level 2008R2 it is correct
> that this one is not found.
I would agree with you, Samba is still at function level 2008R2, even
using the 4.18.x releases, so 4.15.x (which I think synology is based
on) is definitely function level 2008R2. This means, by my
understanding, Samba shouldn't know anything about 'S-1-18' SIDs and
by
basing on an old Samba version, neither should synology.
> I asked Synology which Windows AD version
> they support.
>
> I don't got an answer until now. But if they claim supporting 2008R2,
> the question would be, why then is this causing a problem? ;-)
>
Because they are doing their own thing ????
A quick google turned this up:
https://www.synology.com/en-eu/dsm/7.2/software_spec/synology_directory_server
DSM 7.2 appears to be the latest version and has Domain functional level
equivalent to 200R2, but appears to based on Samba 4.10.x
Rowland