On Tue, 2012-10-16 at 18:09 +1100, Andrew Bartlett wrote: > On Tue, 2012-10-16 at 13:17 +1100, Andrew Bartlett wrote: > > On Sat, 2012-10-13 at 19:30 +1100, Andrew Bartlett wrote: > > > On Sat, 2012-10-13 at 09:58 +0330, Mohammad Ebrahim Abravi wrote: > > > > Solved > > > > > > > > Thanks a lot > > > > > > Thanks. > > > > > > The root of the issue is this automatically generated entry in your > > > idmap.ldb: > > > > > > # record 12 > > > dn: CN=S-1-5-32-544 > > > cn: S-1-5-32-544 > > > objectClass: sidMap > > > objectSid: S-1-5-32-544 > > > type: ID_TYPE_GID > > > xidNumber: 10 > > > distinguishedName: CN=S-1-5-32-544 > > > > > > > > > What we need to do in your case is to remove that record, so it becomes > > > regenerated as an IDMAP_BOTH. We also need to remove the generation of > > > that record from provision. > > > > > > The issue is that as a GID, you of course can't own a file. The ntvfs > > > file server papered over this issue (didn't deal with file ownership at > > > a unix level), but the smbd file server needs to correctly set posix > > > permissions. > > > > > > I hope this clarifies things. If you can please file a bug, I'll try > > > not to forget this. > > > > The attached patch should prevent this for a new provision. Are you > > able to test if this fixes things for you (on a new test domain?) > > This updated version uses the primary group of root (or the --root user) > rather than hoping that there will be a group by the same name.
Fixing this and not breaking tests that subtly depend on idmap configuration is proving tricky, but I'll get this sorted soon. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
