L.P.H. van Belle
2016-Dec-01 10:10 UTC
[Samba] workaround needed for Security Principals, and SID's mapping bug.
Hai, Does anyone know if this Security Principals, and SID's mapping bug is resolved or if there is any patch. Rowland? Achim? Any samba dev? I really need it. Im at samba 4.4.5 I cant find if its fixed in 4.4.7 or 4.5.1 To check if you affected with this, follow these steps. 1. Under "When running the task, use the following user account:", click "Change User or Group..." 2. Click "Locations" 3. Expand the [domain FQDN] and select the "Builtin" container, then click OK 4. In the box labelled "Enter the object name to select:" type "system", then click OK 5. You should see "NT AUTHORITY\System" in the box If you affected with this bug, you wil see : DOMAIN\system And not NT AUTHORITY\System or buildin\system Due to the fact that i cant type the username, i need a solution. Typing the username wil result in : Windows (7) event id 4098 error code 0x80041316 I need a way so step 1-5 does result in : NT AUTHORITY\System Greetz, Louis
Rowland Penny
2016-Dec-01 11:04 UTC
[Samba] workaround needed for Security Principals, and SID's mapping bug.
On Thu, 1 Dec 2016 11:10:04 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > > > > Does anyone know if this Security Principals, and SID's mapping bug > is resolved or if there is any patch. > > Rowland? Achim? Any samba dev? > > > > I really need it. > > > > Im at samba 4.4.5 > > I cant find if its fixed in 4.4.7 or 4.5.1 > > > > To check if you affected with this, follow these steps. > > > > 1. Under "When running the task, use the > following user account:", click "Change User or Group..." > > 2. Click "Locations" > > 3. Expand the [domain FQDN] and select the > "Builtin" container, then click OK > > 4. In the box labelled "Enter the object name > to select:" type "system", then click OK > > 5. You should see "NT AUTHORITY\System" in the > box > > > > If you affected with this bug, you wil see : DOMAIN\system > > And not NT AUTHORITY\System or buildin\system > > > > Due to the fact that i cant type the username, i need a solution. > > Typing the username wil result in : > > Windows (7) event id 4098 error code 0x80041316 > > > > I need a way so step 1-5 does result in : NT AUTHORITY\System > > > > > > Greetz, > > > > Louis >For the stupid amongst us i.e. me ;-) What bug are you referring to ? What are the steps before '1.' ? Rowland
L.P.H. van Belle
2016-Dec-01 12:35 UTC
[Samba] workaround needed for Security Principals, and SID's mapping bug.
Hai Rowland, This happens when im creating a "Scheduled task" , this task needs NT AUTHORITY\System but you need to select the account, when you select the account a sid/rid mapping is done and this fails. Resulting in the windows event id and error code. While searching for that i found that i cant type the username. You must select it. To reproduce. Create a GPO : Computer Configuration> Preferences> Control Panel Settings> Scheduled Tasks. Right click in the blank pane and select New> Scheduled Task (Windows Vista and later). Tab General, klik on Change user or Group. Now go through step 1-5. I found some related bug to NT Authority\system mis match. https://bugzilla.samba.org/show_bug.cgi?id=11677 https://bugzilla.samba.org/show_bug.cgi?id=11997 all are : sid s-1-5-18 SID: S-1-5-19 related. There are more. I went through. https://technet.microsoft.com/en-us/library/dn617202(v=ws.11).aspx https://technet.microsoft.com/en-us/library/dn579255(v=ws.11).aspx https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx And i also did see that a patch was done, but i cant find/see if this is the correct fix. ( found here : https://attachments.samba.org/attachment.cgi?id=11781 I was waiting for 4.5.2 to update my environment and hoping this is fixed. It is still expected at 7 dec. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via > samba > Verzonden: donderdag 1 december 2016 12:05 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] workaround needed for Security Principals, and > SID's mapping bug. > > On Thu, 1 Dec 2016 11:10:04 +0100 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > Hai, > > > > > > > > Does anyone know if this Security Principals, and SID's mapping bug > > is resolved or if there is any patch. > > > > Rowland? Achim? Any samba dev? > > > > > > > > I really need it. > > > > > > > > Im at samba 4.4.5 > > > > I cant find if its fixed in 4.4.7 or 4.5.1 > > > > > > > > To check if you affected with this, follow these steps. > > > > > > > > 1. Under "When running the task, use the > > following user account:", click "Change User or Group..." > > > > 2. Click "Locations" > > > > 3. Expand the [domain FQDN] and select the > > "Builtin" container, then click OK > > > > 4. In the box labelled "Enter the object name > > to select:" type "system", then click OK > > > > 5. You should see "NT AUTHORITY\System" in the > > box > > > > > > > > If you affected with this bug, you wil see : DOMAIN\system > > > > And not NT AUTHORITY\System or buildin\system > > > > > > > > Due to the fact that i cant type the username, i need a solution. > > > > Typing the username wil result in : > > > > Windows (7) event id 4098 error code 0x80041316 > > > > > > > > I need a way so step 1-5 does result in : NT AUTHORITY\System > > > > > > > > > > > > Greetz, > > > > > > > > Louis > > > > For the stupid amongst us i.e. me ;-) > > What bug are you referring to ? > What are the steps before '1.' ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Achim Gottinger
2016-Dec-02 00:47 UTC
[Samba] workaround needed for Security Principals, and SID's mapping bug.
Am 01.12.2016 um 13:35 schrieb L.P.H. van Belle via samba:> Hai Rowland, > > This happens when im creating a "Scheduled task" , > this task needs NT AUTHORITY\System but you need to select the account, > when you select the account a sid/rid mapping is done and this fails. > Resulting in the windows event id and error code. > While searching for that i found that i cant type the username. > You must select it. > > To reproduce. > > Create a GPO : > Computer Configuration> Preferences> Control Panel Settings> Scheduled Tasks. Right click in the blank pane and select New> Scheduled Task (Windows Vista and later). > > Tab General, klik on Change user or Group. > Now go through step 1-5. > > I found some related bug to NT Authority\system mis match. > https://bugzilla.samba.org/show_bug.cgi?id=11677 > https://bugzilla.samba.org/show_bug.cgi?id=11997 > all are : sid s-1-5-18 SID: S-1-5-19 related. > There are more. > > I went through. > https://technet.microsoft.com/en-us/library/dn617202(v=ws.11).aspx > https://technet.microsoft.com/en-us/library/dn579255(v=ws.11).aspx > https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx > > And i also did see that a patch was done, but i cant find/see > if this is the correct fix. ( found here : https://attachments.samba.org/attachment.cgi?id=11781 > > I was waiting for 4.5.2 to update my environment and hoping this is fixed. > It is still expected at 7 dec. > > > Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via >> samba >> Verzonden: donderdag 1 december 2016 12:05 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] workaround needed for Security Principals, and >> SID's mapping bug. >> >> On Thu, 1 Dec 2016 11:10:04 +0100 >> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: >> >>> Hai, >>> >>> >>> >>> Does anyone know if this Security Principals, and SID's mapping bug >>> is resolved or if there is any patch. >>> >>> Rowland? Achim? Any samba dev? >>> >>> >>> >>> I really need it. >>> >>> >>> >>> Im at samba 4.4.5 >>> >>> I cant find if its fixed in 4.4.7 or 4.5.1 >>> >>> >>> >>> To check if you affected with this, follow these steps. >>> >>> >>> >>> 1. Under "When running the task, use the >>> following user account:", click "Change User or Group..." >>> >>> 2. Click "Locations" >>> >>> 3. Expand the [domain FQDN] and select the >>> "Builtin" container, then click OK >>> >>> 4. In the box labelled "Enter the object name >>> to select:" type "system", then click OK >>> >>> 5. You should see "NT AUTHORITY\System" in the >>> box >>> >>> >>> >>> If you affected with this bug, you wil see : DOMAIN\system >>> >>> And not NT AUTHORITY\System or buildin\system >>> >>> >>> >>> Due to the fact that i cant type the username, i need a solution. >>> >>> Typing the username wil result in : >>> >>> Windows (7) event id 4098 error code 0x80041316 >>> >>> >>> >>> I need a way so step 1-5 does result in : NT AUTHORITY\System >>> >>> >>> >>> >>> >>> Greetz, >>> >>> >>> >>> Louis >>> >> For the stupid amongst us i.e. me ;-) >> >> What bug are you referring to ? >> What are the steps before '1.' ? >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/sambaHello Louis, I'd check the mappings for the SID's in idmap.ldb: Are you sure you hit an mapping issue here? These only occure once you hit the filesystem on the linux side. achim~
L.P.H. van Belle
2016-Dec-02 08:44 UTC
[Samba] workaround needed for Security Principals, and SID's mapping bug.
Hai, Yes im more then 100% sure. https://bugzilla.samba.org/show_bug.cgi?id=11677 is related https://bugzilla.samba.org/show_bug.cgi?id=11997 is related Which is your bug report ;-) https://bugzilla.samba.org/show_bug.cgi?id=12284 maybe related. https://bugzilla.samba.org/show_bug.cgi?id=12155 maybe related https://bugzilla.samba.org/show_bug.cgi?id=12164 confirms this bug. Im setting up and 4.5.1 for jessie now and check again. But i dont beleave is fully fixed yet. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim Gottinger > via samba > Verzonden: vrijdag 2 december 2016 1:47 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] workaround needed for Security Principals, and > SID's mapping bug. > > > > Am 01.12.2016 um 13:35 schrieb L.P.H. van Belle via samba: > > Hai Rowland, > > > > This happens when im creating a "Scheduled task" , > > this task needs NT AUTHORITY\System but you need to select the account, > > when you select the account a sid/rid mapping is done and this fails. > > Resulting in the windows event id and error code. > > While searching for that i found that i cant type the username. > > You must select it. > > > > To reproduce. > > > > Create a GPO : > > Computer Configuration> Preferences> Control Panel Settings> Scheduled > Tasks. Right click in the blank pane and select New> Scheduled Task > (Windows Vista and later). > > > > Tab General, klik on Change user or Group. > > Now go through step 1-5. > > > > I found some related bug to NT Authority\system mis match. > > https://bugzilla.samba.org/show_bug.cgi?id=11677 > > https://bugzilla.samba.org/show_bug.cgi?id=11997 > > all are : sid s-1-5-18 SID: S-1-5-19 related. > > There are more. > > > > I went through. > > https://technet.microsoft.com/en-us/library/dn617202(v=ws.11).aspx > > https://technet.microsoft.com/en-us/library/dn579255(v=ws.11).aspx > > https://msdn.microsoft.com/en- > us/library/windows/desktop/aa379649(v=vs.85).aspx > > > > And i also did see that a patch was done, but i cant find/see > > if this is the correct fix. ( found here : > https://attachments.samba.org/attachment.cgi?id=11781 > > > > I was waiting for 4.5.2 to update my environment and hoping this is > fixed. > > It is still expected at 7 dec. > > > > > > Greetz, > > > > Louis > > > > > > > >> -----Oorspronkelijk bericht----- > >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny > via > >> samba > >> Verzonden: donderdag 1 december 2016 12:05 > >> Aan: samba at lists.samba.org > >> Onderwerp: Re: [Samba] workaround needed for Security Principals, and > >> SID's mapping bug. > >> > >> On Thu, 1 Dec 2016 11:10:04 +0100 > >> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > >> > >>> Hai, > >>> > >>> > >>> > >>> Does anyone know if this Security Principals, and SID's mapping bug > >>> is resolved or if there is any patch. > >>> > >>> Rowland? Achim? Any samba dev? > >>> > >>> > >>> > >>> I really need it. > >>> > >>> > >>> > >>> Im at samba 4.4.5 > >>> > >>> I cant find if its fixed in 4.4.7 or 4.5.1 > >>> > >>> > >>> > >>> To check if you affected with this, follow these steps. > >>> > >>> > >>> > >>> 1. Under "When running the task, use the > >>> following user account:", click "Change User or Group..." > >>> > >>> 2. Click "Locations" > >>> > >>> 3. Expand the [domain FQDN] and select the > >>> "Builtin" container, then click OK > >>> > >>> 4. In the box labelled "Enter the object name > >>> to select:" type "system", then click OK > >>> > >>> 5. You should see "NT AUTHORITY\System" in the > >>> box > >>> > >>> > >>> > >>> If you affected with this bug, you wil see : DOMAIN\system > >>> > >>> And not NT AUTHORITY\System or buildin\system > >>> > >>> > >>> > >>> Due to the fact that i cant type the username, i need a solution. > >>> > >>> Typing the username wil result in : > >>> > >>> Windows (7) event id 4098 error code 0x80041316 > >>> > >>> > >>> > >>> I need a way so step 1-5 does result in : NT AUTHORITY\System > >>> > >>> > >>> > >>> > >>> > >>> Greetz, > >>> > >>> > >>> > >>> Louis > >>> > >> For the stupid amongst us i.e. me ;-) > >> > >> What bug are you referring to ? > >> What are the steps before '1.' ? > >> > >> Rowland > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > > Hello Louis, > > I'd check the mappings for the SID's in idmap.ldb: Are you sure you hit > an mapping issue here? These only occure once you hit the filesystem on > the linux side. > > achim~ > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Reasonably Related Threads
- workaround needed for Security Principals, and SID's mapping bug.
- workaround needed for Security Principals, and SID's mapping bug.
- workaround needed for Security Principals, and SID's mapping bug.
- workaround needed for Security Principals, and SID's mapping bug.
- workaround needed for Security Principals, and SID's mapping bug.