Michael Tokarev
2022-Nov-19 11:49 UTC
[Samba] samba crashes windows explorer (while trying to view file permissions)
19.11.2022 14:36, Michael Tokarev via samba ?????:> Unable to convert second SID (S-1-5-21-540662649-332824406-1706519170-513) in user token to a GID. Conversion was returned as type 0, full token:I found this: https://www.spinics.net/lists/samba/msg174381.html which shows an issue with idmap.ldb. But in my case this is a fresh domain, created with nothing in /var/lib/samba/, so I can't restore idmap.ldb from a backup, - because this file has just been created (and no, I didn't try to replicate it to another DC yet, to fix the uid/gid mismatches there as has been mentioned in another thread). From tdbdump /var/lib/samba/private/idmap.ldb: { key(50) = "DN=CN=S-1-5-21-540662649-332824406-1706519170-513\00" data(231) = "g\19\01&\05\00\00\00CN=S-1-5-21-540662649-332824406-1706519170-513\00cn\00\01\00\00\00+\00\00\00S-1-5-21-540662649-332824406-1706519170-513\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\1C\00\00\00\01\05\00\00\00\00\00\05\15\00\00\00y\DB9 V\7F\D6\13\82j\B7e\01\02\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_GID\00xidNumber\00\01\00\00\00\03\00\00\00100\00" } - which - I think - should match, no? Thanks, /mjt
Rowland Penny
2022-Nov-19 12:55 UTC
[Samba] samba crashes windows explorer (while trying to view file permissions)
On 19/11/2022 11:49, Michael Tokarev via samba wrote:> 19.11.2022 14:36, Michael Tokarev via samba ?????: >> Unable to convert second SID >> (S-1-5-21-540662649-332824406-1706519170-513) in user token to a GID. >> Conversion was returned as type 0, full token:They are all what is known as the 'Well Known SIDS', see here: https://learn.microsoft.com/en-us/windows/win32/secauthz/well-known-sids> > I found this: > > https://www.spinics.net/lists/samba/msg174381.html > > which shows an issue with idmap.ldb. > > But in my case this is a fresh domain, created with nothing in > /var/lib/samba/, > so I can't restore idmap.ldb from a backup, - because this file has just > been > created (and no, I didn't try to replicate it to another DC yet, to fix the > uid/gid mismatches there as has been mentioned in another thread). > > From tdbdump /var/lib/samba/private/idmap.ldb:Try using ldbedit, it is a lot more readable: ldbedit -e nano -H /var/lib/samba/private/idmap.ldb dn: CN=S-1-5-21-627072207-2265849604-124128874-513 cn: S-1-5-21-627072207-2265849604-124128874-513 objectClass: sidMap objectSid: S-1-5-21-627072207-2265849604-124128874-513 type: ID_TYPE_GID xidNumber: 100 distinguishedName: CN=S-1-5-21-627072207-2265849604-124128874-513> > { > key(50) = "DN=CN=S-1-5-21-540662649-332824406-1706519170-513\00" > data(231) = > "g\19\01&\05\00\00\00CN=S-1-5-21-540662649-332824406-1706519170-513\00cn\00\01\00\00\00+\00\00\00S-1-5-21-540662649-332824406-1706519170-513\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\1C\00\00\00\01\05\00\00\00\00\00\05\15\00\00\00y\DB9 V\7F\D6\13\82j\B7e\01\02\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_GID\00xidNumber\00\01\00\00\00\03\00\00\00100\00" > } > > - which - I think - should match, no?'100' is the Unix group users, the SID '-513' is for Domain Users, so it is mapping Domain Users to the Unix group 'users'. Samba should not crash, so you need to find out why it is doing so. Is it something you are doing somehow ? If not, then a bug report should be raised on the Samba bugzilla. Rowland