similar to: Security Principals, and SID's mapping bug

Steps to reproduce. Try this: 1.Viewing/Edit a GPO, go to Computer Configuration > Control Panel Settings > Scheduled Tasks. 2.Right-click in the window and choose New > Scheduled Task (At least Windows 7). 3.On the General tab: a.Set the name to TestSchedule. b.Run the task as NT AUTHORITY\System. Check Run with highest privileges. c.Click OK. 3b, try, klik change user/group.

Hai, Does anyone know more if this is adressed or point me to the bug report? There should be one, but i cant find it. Im finding the following again, tested with samba 4.4.5, now samba 4.5.3. These reports go back to the year 2013. I searched in my mail samba folder for S-1-5-18 The problem. I create a "computer" Scheduled task. Now this task MUST run as : SYSTEM (S-1-5-18)

Did looked up some old threads. it started here : Nov 2013 https://lists.samba.org/archive/samba/2013-November/177110.html Then https://lists.samba.org/archive/samba/2014-June/182429.html On this link, test there shows on the DC.. root at DC2:~# wbinfo -G 3000002 S-1-5-18 root at DC2:~# wbinfo -s S-1-5-18 NT AUTHORITY+SYSTEM 5 root at DC2:~# so it was working in 2014. that was samba 4.1.x

Yeah, i noticed, tried also adding user and group.. For the domain member, its not a problem. I have a workaround now for my PC which have joined my domain, so i can go ahead with what im testing. Thanks for haveing a look into it. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: Rowland Penny [mailto:rpenny at samba.org] > Verzonden: woensdag 25 januari 2017 12:41 >

On Thu, 16 Feb 2017 07:30:03 +0100 Marc Muehlfeld via samba <samba at lists.samba.org> wrote: > > On Windows, the SYSTEM account is used by services on the local host > (in your case, the local host is your Samba server). For example, > virus scanners might use it to get access to all files. However, > there is nothing on your Samba server that uses the SYSTEM account. >

Hai,   Does anyone know if this Security Principals, and SID's mapping bug is resolved or if there is any patch. Rowland? Achim? Any samba dev?   I really need it.   Im at samba 4.4.5 I cant find if its fixed in 4.4.7 or 4.5.1   To check if you affected with this, follow these steps.   1.                       Under "When running the task, use the following user

Editing the xml.. results in same error. ( which is logical ) The exact event from windows. Eventlog info: Source : Group Policy Scheduled Tasks. ID : 4098 USER : SYSTEM Error code : Group Policy object did not apply because it failed with error code '0x80070534 No mapping between account names and security IDs was done.' This error was suppressed. So I'll wait until this

On Tue, 24 Jan 2017 15:02:14 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Hai, > > Does anyone know more if this is adressed or point me to the bug > report? There should be one, but i cant find it. > > Im finding the following again, tested with samba 4.4.5, now samba > 4.5.3. These reports go back to the year 2013. > I

Am 01.12.2016 um 13:35 schrieb L.P.H. van Belle via samba: > Hai Rowland, > > This happens when im creating a "Scheduled task" , > this task needs NT AUTHORITY\System but you need to select the account, > when you select the account a sid/rid mapping is done and this fails. > Resulting in the windows event id and error code. > While searching for that i found that i

Hello Marc, First of all. https://abhijitw.wordpress.com/2012/03/03/the-local-system-account/ is really outdated. The Explanation is simply incomplete. Yes, localy there is SYSTEM. But due to some i think sid/rid whatever wrong mapping its not working correctly in samba when you use GPO settings also. Per example. And its the last time im telling it. I beleave that, somewhere somehow, the

Hai Rowland, This happens when im creating a "Scheduled task" , this task needs NT AUTHORITY\System but you need to select the account, when you select the account a sid/rid mapping is done and this fails. Resulting in the windows event id and error code. While searching for that i found that i cant type the username. You must select it. To reproduce. Create a GPO : Computer

Exact, and at this point, im at also. Here, typing the username results in the windows event and errors out. Did a lot of research and im 100% this is and missing mapping. Typing does not works, i dont know if this is a windows thing or a samba thing. But i found several reports where in a windows 7+ with Server 2008 also errors if you type the username. And thanks you for having a look..

On Thu, 14 Jun 2018 09:39:46 +0200 L.P.H. van Belle wrote: > Hi Mark, > > See below. ;-) > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mark > > Foley via samba > > Verzonden: woensdag 13 juni 2018 22:50 > > Aan: samba at lists.samba.org > > Onderwerp: Re: [Samba] Admin UID changed with

Imo, this is a left over of an old bug, just remove the file Registry.po imo, i'll bet its never used. The computer looks for Registry.pol not Registry.po. > -rwxrwx--- 1 root users 958 2014-09-13 04:01 Registry.po* > -rwxrwx--- 1 3000000 users 958 2014-09-13 04:01 Registry.pol* Look at the date 2014, and i do remember something about this. But... What does getfacl say about

Am 02.12.2016 um 09:34 schrieb L.P.H. van Belle via samba: > Exact, and at this point, im at also. > > Here, typing the username results in the windows event and errors out. > Did a lot of research and im 100% this is and missing mapping. > Typing does not works, i dont know if this is a windows thing or a samba thing. But i found several reports where in a windows 7+ with Server

After sending the email I realized that I did not mention that while rebuilding the OS, I kept the "old" /srv/samba files. Which in turn kept the old permission settings. I think (could be wrong) that keeping the old SID are now different from the new SID's created while rebuilding to v4.12.6. To answer your DC question: root at dc1:~# wbinfo -s

No, i believe that guy is wrong. MS-DTYP https://msdn.microsoft.com/en-us/library/cc980032.aspx NT AUTHORITY\SYSTEM S-1-5-18 NT AUTHORITY\authenticated users S-1-5-11 Etc etc. Monday i'll have a look again. Have a nice weeken everybody. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Achim Gottinger > via

Hai Stefan, A heads up and few adviced changes/tips for you. smb.conf: realm = my.tld Change to realm = MY.TLD Try to set a REALM always in CAPS. Some programs rely on that. ( for example, MIT Kerberos expects realm in CAPS ) So prepair for 4.7 now already to save problems in future. These shares. > [netlogon] > path = /var/lib/samba/sysvol/my.tld/scripts > read only = No >

ok, do the following. set ignore systemacl to yes on sysvol and netlogon. login as dom\administrator computer manager, connect to dc. share sysvol, goto share security, reset to defalts. same for folder. goto gpo manager, klik on every gpo object, if one has wrong acl, you get a message to reset it, thats ok. now never samba-tool sysvol reset if you do, you might need to set share/file

As the result of my own actions I have had to rebuild my DC's and member server Samba version. It's my fault for upgrading to v4.13.0 too soon. On W10, logged in as administrator, connected to the member server via FileExplorer, the file permissions (via Properties tab) >> Security (tab >> Advanced >> shows the following permissions for the \\mbr04\data folder: Creator