On 16.06.2017 at 19:17, Rowland Penny via samba wrote:
> On Fri, 16 Jun 2017 13:58:20 -0300
> "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:
>
>> :-|
>>
>> ls -lnd /opt/samba/var/locks/sysvol
>> drwxrwx---+ 3 0 3000000 4096 Jun 16 13:56 /opt/samba/var/locks/sysvol
>>
>>
>
> I have this sinking feeling that you have given your AD users and
> groups from the 'Well Known SIDs' a uidNumber or gidNumber attribute, I
> cannot think of any other way that 'Builtin\administrators' could have
> the ID number '4096'.
>
> 'root' shouldn't have the ID '3000000' either.
>
> On a DC, 'Administrator' should be mapped to 'root' inside idmap.ldb:
>
> dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
> cn: S-1-5-21-1768301897-3342589593-1064908849-500
> objectClass: sidMap
> objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
> type: ID_TYPE_UID
> xidNumber: 0
> distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-500
>
> BUILTIN\Administrators gets their ID in the same place:
>
> dn: CN=S-1-5-32-544
> cn: S-1-5-32-544
> objectClass: sidMap
> objectSid: S-1-5-32-544
> type: ID_TYPE_BOTH
> xidNumber: 3000000
> distinguishedName: CN=S-1-5-32-544
>
> and as you can see 'Administrator' is a User, but
> 'BUILTIN\Administrator' is both a user and a group, if you give the
> group a gidNumber, it just becomes a group.
>
> Rowland
>
/me pokes Rowland
'4096' is the block size.. :)
---
This is how it looks on my productive systems:
root at ad1:~$ ls -dn /var/lib/samba/sysvol
drwxrwx---+ 3 0 3000000 4096 Jun 16 18:46 /var/lib/samba/sysvol
root at ad1:~$ getfacl /var/lib/samba/sysvol
getfacl: Entferne führende '/' von absoluten Pfadnamen
# file: var/lib/samba/sysvol
# owner: root
# group: BUILTIN\134administrators
user::rwx
user:root:rwx
user:3000000:rwx
group::rwx
group:BUILTIN\134administrators:rwx
group:BUILTIN\134server\040operators:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:group::---
default:group:BUILTIN\134administrators:rwx
default:group:BUILTIN\134server\040operators:r-x
default:group:3000002:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::---
Bjoern
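
Added example (not part of the original messages and not Samba's own code): a small Python check that reads an `ls -ln` line by field position, so the size column is never taken for an ID, and resolves the numeric owner and group against idmap.ldb sidMap records. The sample input is abridged from the listings quoted in the thread; the function names are hypothetical.

```python
import re

# Sample input abridged from the records and listing quoted in the thread.
IDMAP_LDIF = """\
dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
type: ID_TYPE_UID
xidNumber: 0

dn: CN=S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000
"""
LS_LINE = "drwxrwx---+ 3 0 3000000 4096 Jun 16 18:46 /var/lib/samba/sysvol"

def parse_sidmap(ldif):
    """Return [(xid, sid, type)] for each blank-line-separated sidMap record."""
    rows = []
    for record in re.split(r"\n\s*\n", ldif.strip()):
        attrs = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        if {"objectSid", "type", "xidNumber"} <= attrs.keys():
            rows.append((int(attrs["xidNumber"]), attrs["objectSid"], attrs["type"]))
    return rows

def parse_ls_ln(line):
    """Fields of `ls -ln` by position: mode, links, uid, gid, size, date, path."""
    mode, links, uid, gid, size = line.split()[:5]
    return {"uid": int(uid), "gid": int(gid), "size": int(size)}

def resolve(rows, xid, kind):
    """SIDs mapped to numeric ID `xid` usable as a user ('UID') or group ('GID')."""
    usable = {"ID_TYPE_" + kind, "ID_TYPE_BOTH"}
    return [sid for n, sid, t in rows if n == xid and t in usable]

def check_sysvol(ls_line, ldif):
    """Return findings; an empty list means owner and group map to the expected SIDs."""
    st, rows = parse_ls_ln(ls_line), parse_sidmap(ldif)
    findings = []
    owners = resolve(rows, st["uid"], "UID")
    if not any(re.fullmatch(r"S-1-5-21-\d+-\d+-\d+-500", s) for s in owners):
        findings.append(f"uid {st['uid']} is not the domain Administrator (RID 500)")
    if "S-1-5-32-544" not in resolve(rows, st["gid"], "GID"):
        findings.append(f"gid {st['gid']} is not BUILTIN\\Administrators (S-1-5-32-544)")
    elif "ID_TYPE_BOTH" not in [t for n, s, t in rows if s == "S-1-5-32-544"]:
        findings.append("S-1-5-32-544 is not ID_TYPE_BOTH")
    return findings
```

On a DC the LDIF would come from a dump of idmap.ldb rather than the embedded string; `check_sysvol(LS_LINE, IDMAP_LDIF)` returns an empty list for the listing shown above.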