On Tue, Jun 1, 2021 at 4:41 PM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 01/06/2021 21:31, Andrew Walker wrote:
> > On Tue, Jun 1, 2021 at 3:53 AM Rowland penny via samba
> > <samba at lists.samba.org <mailto:samba at
lists.samba.org>> wrote:
> >
> > This doesn't affect Linux unless your computers gain a
uidNumber
> > and congratulations, you appear to have found
> > a bug.
> >
> >
> > I believe RID backend, which is being used here, can provide idmapping
> > for computer accounts, since it just algorithmically maps IDs to SIDs.
> > This can be helpful in some situations IIRC where Windows may attempt
> > to authenticate to the samba server using its machine account rather
> > than the account of the currently logged in user. I believe some
> > backup software does this.
>
>
> I found this out, I had never thought to run 'getent passwd' with a
> computer name, but when I tried it using the 'rid' backend, it
worked.
> In my opinion it shouldn't, but if it has to, it shouldn't show the
> computers primary group as Domain Users.
>
> Rowland
>
I'll have to think about this some, but I think I agree on this point.
Perhaps for idmap backends supporting ID_TYPE_BOTH, we could just set
primary gid to uid.