samba - Mar 2023 - Fwd: samba-gpupdate nsswitch error

Am 14.03.23 um 10:31 schrieb Kees van Vloten via samba:
> I guess the uid is required because a GPO is a file (and something in 
> LDAP). The file is retrieved form the sysvol share and in order to deal 
> with file permissions on Linux you get identified on the filesytem 
> withself with a uid (and gid). In this case it is the computer-account 
> that retrieves the file, at least that is my assumption ?

That is correct. However, GPOs are normally on a DC and there a computer 
has a uid (or xid or whatever it is called). That why a DC does this 
differently.


Regards

Christian

On 14/03/2023 09:38, Christian Naumer via samba wrote:
> Am 14.03.23 um 10:31 schrieb Kees van Vloten via samba:
>> I guess the uid is required because a GPO is a file (and something in 
>> LDAP). The file is retrieved form the sysvol share and in order to 
>> deal with file permissions on Linux you get identified on the 
>> filesytem withself with a uid (and gid). In this case it is the 
>> computer-account that retrieves the file, at least that is my 
>> assumption ?
> 
> 
> That is correct. However, GPOs are normally on a DC and there a computer 
> has a uid (or xid or whatever it is called). That why a DC does this 
> differently.
> 
> 
> Regards
> 
> Christian
> 
> 
 From my testing, this is correct, until you try to use a SID with 
getent and then nothing is returned and the you get the error message:

add_local_groups: SID S-1-5-21-2112549936-2540803609-4198596461-1600 -> 
getpwuid(3000148) failed, is nsswitch configured?

I get the feeling that if the SID could be changed for the computer name 
or Unix ID, it would work.

Rowland