search for: id_both

...osoft windows client OS, if you try to connect to a > share with the local SYSTEM user, the client try first with > the machine account user and password, then try anonymously > (then fail ;). > > > So, trying to restate the question more precisely: machine > accounts are ID_BOTH ''users'', so cannot have UID/GID > assigned, or i can assign to machine account a UID (and > assign to 'Domain Computers' a GID)? UID for computer is not needed imo, GID can help. > > > I think that if we add UID to machine account (and GID to > Dom...

...bit here. Why do i use : acl_xattr:ignore system acls = yes >From : man vfs_acl_xattr The vfs_acl_xattr VFS module stores NTFS Access Control Lists (ACLs) in Extended Attributes (EAs). This enables the full mapping of Windows ACLs on Samba servers. Now think in user SYSTEM ( and others with ID_BOTH ) and the problems of settting user/group rights. Now read : acl_xattr:ignore system acls = [yes|no] When set to yes, a best effort mapping from/to the POSIX ACL layer will not be done by this module. The default is no, which means that Samba keeps setting and evaluating both the system...

I'm scripting the ''replica'' of DC xID db (idmap.ldb) between DCs, following: https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings but i've two question. 1) because i've just in place the sysvol replica, i've thinked of copying the 'idmap.ldb.bak' file on sysvol share (in debian,

Thank everyone for input, It seems that using RID is the way to go. I just tried a few things: 1) - made group, assigned unix GID - added test PC to this group and set this group as "primary group" - added manually to test PC account "uidnumber" on server with samba getent passwd MYDOMAIN\\testpc$ returns nicely testpc$ with UID and GID numbers as set in

...ver\040operators:r-x > default:group:3000002:rwx > default:group:3000003:r-x > default:mask::rwx > default:other::--- > > (eg, group:3000002 and group:3000003) > > Ah! Wait! They are listed in 'user' and 'group' contextes, and so they > are probably 'ID_BOTH' identifiers, that clearly cannot be mapped to > user *and* group... Correct.. See : https://github.com/thctlo/samba4/blob/master/samba-check-set-sysvol.sh Lines 101-144 ;-) The checkup parts. > > > b) a flood of these errors in /var/log/samba/log.winbindd: > > [2019...