samba - Jul 2023 - Synology shares not accessible...

On 06/07/2023 09:39, Ingo Asche via samba wrote:
> I found something out about this SID which - according to Synology - is 
> creating the problem.
> 
> Rowland may remember that he said it is not in this patch I was 
> requested to install.
What I actually said was this:

Just one other thought, You are having problems with the SID S-1-18-1
and the patch on that bug report does not mention that SID, so even if
you do manage to patch something, it isn't likely to help you.


Which was wrong, but only because when I look closer i.e. pay more 
attention, there are two patches and neither of them mention 'S-1-18'
> 
> The SID is S-1-18-1 and according to Microsoft this Well-Known SID
don't
> exists in Windows AD 2008R2 and below.
>
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab?redirectedfrom=MSDN
>
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/11e1608c-6169-4fbc-9c33-373fc9b224f4#Appendix_A_37
> 
> And as Samba is at the moment at Functional Level 2008R2 it is correct 
> that this one is not found. 
I would agree with you, Samba is still at function level 2008R2, even 
using the 4.18.x releases, so 4.15.x (which I think synology is based 
on) is definitely function level 2008R2. This means, by my 
understanding, Samba shouldn't know anything about 'S-1-18' SIDs and
by
basing on an old Samba version, neither should synology.

> I asked Synology which Windows AD version 
> they support.
> 
> I don't got an answer until now. But if they claim supporting 2008R2, 
> the question would be, why then is this causing a problem? ;-)
> 
Because they are doing their own thing ????

A quick google turned this up:

https://www.synology.com/en-eu/dsm/7.2/software_spec/synology_directory_server

DSM 7.2 appears to be the latest version and has Domain functional level 
equivalent to 200R2, but appears to based on Samba 4.10.x

Rowland

Rowland Penny via samba schrieb am 06.07.2023 um 11:36:
>
> On 06/07/2023 09:39, Ingo Asche via samba wrote:
>> I found something out about this SID which - according to Synology - 
>> is creating the problem.
>>
>> Rowland may remember that he said it is not in this patch I was 
>> requested to install.
>
> What I actually said was this:
>
> Just one other thought, You are having problems with the SID S-1-18-1
> and the patch on that bug report does not mention that SID, so even if
> you do manage to patch something, it isn't likely to help you.
>
You're right, I shortened it to much, sorry for
that...
>
> Which was wrong, but only because when I look closer i.e. pay more 
> attention, there are two patches and neither of them mention
'S-1-18'
>
>>
>> The SID is S-1-18-1 and according to Microsoft this Well-Known SID 
>> don't exists in Windows AD 2008R2 and below.
>>
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab?redirectedfrom=MSDN
>>
>>
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/11e1608c-6169-4fbc-9c33-373fc9b224f4#Appendix_A_37
>>
>>
>> And as Samba is at the moment at Functional Level 2008R2 it is 
>> correct that this one is not found. 
>
> I would agree with you, Samba is still at function level 2008R2, even 
> using the 4.18.x releases, so 4.15.x (which I think synology is based 
> on) is definitely function level 2008R2. This means, by my 
> understanding, Samba shouldn't know anything about 'S-1-18'
SIDs and
> by basing on an old Samba version, neither should synology.
>
>
>> I asked Synology which Windows AD version they support.
>>
>> I don't got an answer until now. But if they claim supporting
2008R2,
>> the question would be, why then is this causing a problem? ;-)
>>
>
> Because they are doing their own thing ????
This was more a rhetorical question... :-)
> A quick google turned this up:
>
>
https://www.synology.com/en-eu/dsm/7.2/software_spec/synology_directory_server
>
>
> DSM 7.2 appears to be the latest version and has Domain functional 
> level equivalent to 200R2, but appears to based on Samba 4.10.x
This document seems not quite actual, because they are now on 
4.15.13(-0615), but I think this will make no difference.

By the way Directory Server and SMB-Service are two different packages 
on their system.
>
> Rowland
>
Regards
Ingo
https://github.com/WAdama