-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Franz Sirl wrote:
> v2 of the patch still works fine, but the list > of working syntaxes changed. These work: > > valid users = +users > valid users = +"Unix Group\users" > valid users = S-1-22-2-100 > > These didn't work: > > valid users = +HOSTNAME\users > valid users = +BUILTIN\users > valid users = S-1-5-21-1540046517-542637695-1028676802-1201 This is to be expected. All unmapped users will possess a SID in the S-1-22-1 domain and all unmapped groups will be in the S-1-22-2 domain. HOSTNAME\users would work for a mapped group. BUILTIN\users would work if you have local builtin group called users (e.g. "net sam createbuiltin Users") > And it's not that I expect all of these to work, it's > more that I tried about any combo that I saw in the > logs :-). Though I believe that the +"Unix Group\users" > is nice to have in case I switch to PDC, cause > personally I like to be explicit in configuration files. There problem is that if you create a group map entry for HOSTNAME\users, "unix Group\users" will resolve to a different SID and hence anyone actually in the users group from /etc/group will have the HOSTNAME\users SID in their token. At this time we are *not* recommending that anyone qualify names with HOSTNAME or "Unix XXX". Samba will handle the steps necessary to resolve the name, giving precedence to mapped users and groups over unmapped ones. You only have to qualify domain names and groups in the BUILTIN domain. I've got a long mail that explains we made this change and we had a hard time with 3.0.23. I'll try to send it out next week. cheers, jerry ===================================================================== Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3iKpIR7qMdg1EfYRAtvGAKCCdblzwxS5qv2iL4Dplt9HTEwq6QCgsm6l jVl0lWeAB0JQtsUreRW0xzs= =63O3 -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
