Displaying 20 results from an estimated 4000 matches similar to: "Security Principals, and SID's mapping bug"
2017 Jan 25
1
Security Principals, and SID's mapping bug
Steps to reproduce.
Try this:
1.Viewing/Edit a GPO,
go to Computer Configuration > Control Panel Settings > Scheduled Tasks.
2.Right-click in the window and choose
New > Scheduled Task (At least Windows 7).
3.On the General tab:
a.Set the name to TestSchedule.
b.Run the task as NT AUTHORITY\System. Check Run with highest privileges.
c.Click OK.
3b, try, klik change user/group.
2017 Jan 24
4
Security Principals, and SID's mapping bug
Hai,
Does anyone know more if this is adressed or point me to the bug report?
There should be one, but i cant find it.
Im finding the following again, tested with samba 4.4.5, now samba 4.5.3.
These reports go back to the year 2013.
I searched in my mail samba folder for S-1-5-18
The problem.
I create a "computer" Scheduled task.
Now this task MUST run as : SYSTEM (S-1-5-18)
2017 Jan 25
0
Security Principals, and SID's mapping bug
Did looked up some old threads.
it started here :
Nov 2013 https://lists.samba.org/archive/samba/2013-November/177110.html
Then https://lists.samba.org/archive/samba/2014-June/182429.html
On this link, test there shows on the DC..
root at DC2:~# wbinfo -G 3000002
S-1-5-18
root at DC2:~# wbinfo -s S-1-5-18
NT AUTHORITY+SYSTEM 5
root at DC2:~#
so it was working in 2014. that was samba 4.1.x
2017 Jan 25
0
Security Principals, and SID's mapping bug
Yeah, i noticed, tried also adding user and group..
For the domain member, its not a problem.
I have a workaround now for my PC which have joined my domain, so i can go ahead with what im testing.
Thanks for haveing a look into it.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Rowland Penny [mailto:rpenny at samba.org]
> Verzonden: woensdag 25 januari 2017 12:41
>
2017 Feb 16
5
Windows ACL clarification for Roaming Profiles share
On Thu, 16 Feb 2017 07:30:03 +0100
Marc Muehlfeld via samba <samba at lists.samba.org> wrote:
>
> On Windows, the SYSTEM account is used by services on the local host
> (in your case, the local host is your Samba server). For example,
> virus scanners might use it to get access to all files. However,
> there is nothing on your Samba server that uses the SYSTEM account.
>
2016 Dec 01
4
workaround needed for Security Principals, and SID's mapping bug.
Hai,
Does anyone know if this Security Principals, and SID's mapping bug is resolved or if there is any patch.
Rowland? Achim? Any samba dev?
I really need it.
Im at samba 4.4.5
I cant find if its fixed in 4.4.7 or 4.5.1
To check if you affected with this, follow these steps.
1. Under "When running the task, use the following user
2016 Dec 02
6
workaround needed for Security Principals, and SID's mapping bug.
Editing the xml.. results in same error. ( which is logical )
The exact event from windows.
Eventlog info:
Source : Group Policy Scheduled Tasks.
ID : 4098
USER : SYSTEM
Error code : Group Policy object did not apply because it failed with error code '0x80070534 No mapping between account names and security IDs was done.' This error was suppressed.
So I'll wait until this
2017 Jan 24
0
Security Principals, and SID's mapping bug
On Tue, 24 Jan 2017 15:02:14 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai,
>
> Does anyone know more if this is adressed or point me to the bug
> report? There should be one, but i cant find it.
>
> Im finding the following again, tested with samba 4.4.5, now samba
> 4.5.3. These reports go back to the year 2013.
> I
2016 Dec 02
3
workaround needed for Security Principals, and SID's mapping bug.
Am 01.12.2016 um 13:35 schrieb L.P.H. van Belle via samba:
> Hai Rowland,
>
> This happens when im creating a "Scheduled task" ,
> this task needs NT AUTHORITY\System but you need to select the account,
> when you select the account a sid/rid mapping is done and this fails.
> Resulting in the windows event id and error code.
> While searching for that i found that i
2017 Feb 20
2
Windows ACL clarification for Roaming Profiles share
Hello Marc,
First of all.
https://abhijitw.wordpress.com/2012/03/03/the-local-system-account/
is really outdated.
The Explanation is simply incomplete.
Yes, localy there is SYSTEM. But due to some i think sid/rid whatever wrong mapping its not working correctly in samba when you use GPO settings also.
Per example. And its the last time im telling it.
I beleave that, somewhere somehow, the
2016 Dec 01
0
workaround needed for Security Principals, and SID's mapping bug.
Hai Rowland,
This happens when im creating a "Scheduled task" ,
this task needs NT AUTHORITY\System but you need to select the account,
when you select the account a sid/rid mapping is done and this fails.
Resulting in the windows event id and error code.
While searching for that i found that i cant type the username.
You must select it.
To reproduce.
Create a GPO :
Computer
2016 Dec 02
3
workaround needed for Security Principals, and SID's mapping bug.
Exact, and at this point, im at also.
Here, typing the username results in the windows event and errors out.
Did a lot of research and im 100% this is and missing mapping.
Typing does not works, i dont know if this is a windows thing or a samba thing. But i found several reports where in a windows 7+ with Server 2008 also errors if you type the username.
And thanks you for having a look..
2018 Jun 14
2
Fixing sysvol permissions
On Thu, 14 Jun 2018 09:39:46 +0200 L.P.H. van Belle wrote:
> Hi Mark,
>
> See below. ;-)
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mark
> > Foley via samba
> > Verzonden: woensdag 13 juni 2018 22:50
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Admin UID changed with
2018 Jun 13
4
Admin UID changed with upgrade to 4.8.2
Imo, this is a left over of an old bug, just remove the file Registry.po imo, i'll bet its never used.
The computer looks for Registry.pol not Registry.po.
> -rwxrwx--- 1 root users 958 2014-09-13 04:01 Registry.po*
> -rwxrwx--- 1 3000000 users 958 2014-09-13 04:01 Registry.pol*
Look at the date 2014, and i do remember something about this.
But... What does getfacl say about
2016 Dec 02
0
workaround needed for Security Principals, and SID's mapping bug.
Am 02.12.2016 um 09:34 schrieb L.P.H. van Belle via samba:
> Exact, and at this point, im at also.
>
> Here, typing the username results in the windows event and errors out.
> Did a lot of research and im 100% this is and missing mapping.
> Typing does not works, i dont know if this is a windows thing or a samba thing. But i found several reports where in a windows 7+ with Server
2020 Oct 05
2
SID security
After sending the email I realized that I did not mention that while
rebuilding the OS, I kept the "old" /srv/samba files. Which in turn kept
the old permission settings. I think (could be wrong) that keeping the old
SID are now different from the new SID's created while rebuilding to
v4.12.6.
To answer your DC question:
root at dc1:~# wbinfo -s
2016 Dec 02
0
workaround needed for Security Principals, and SID's mapping bug.
No, i believe that guy is wrong.
MS-DTYP
https://msdn.microsoft.com/en-us/library/cc980032.aspx
NT AUTHORITY\SYSTEM S-1-5-18
NT AUTHORITY\authenticated users S-1-5-11
Etc etc.
Monday i'll have a look again.
Have a nice weeken everybody.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim Gottinger
> via
2017 May 24
7
classic upgrade, splitting servers
Hai Stefan,
A heads up and few adviced changes/tips for you.
smb.conf:
realm = my.tld
Change to
realm = MY.TLD
Try to set a REALM always in CAPS. Some programs rely on that. ( for example, MIT Kerberos expects realm in CAPS )
So prepair for 4.7 now already to save problems in future.
These shares.
> [netlogon]
> path = /var/lib/samba/sysvol/my.tld/scripts
> read only = No
>
2018 Feb 06
7
GPOs not Working!
ok,
do the following.
set ignore systemacl to yes on sysvol and netlogon.
login as dom\administrator
computer manager, connect to dc.
share sysvol, goto share security, reset to defalts.
same for folder.
goto gpo manager,
klik on every gpo object, if one has wrong acl, you get a message to reset it, thats ok.
now never samba-tool sysvol reset
if you do, you might need to set share/file
2020 Oct 05
2
SID security
As the result of my own actions I have had to rebuild my DC's and member
server Samba version. It's my fault for upgrading to v4.13.0 too soon.
On W10, logged in as administrator, connected to the member server via
FileExplorer, the file permissions (via Properties tab) >> Security (tab >>
Advanced >> shows the following permissions for the \\mbr04\data folder:
Creator