Bug 54470 - Adding a new GPO the new owner is DA and not LA anymore
Status: NEW
Product: UCS
Classification: Unclassified
Component: Samba4
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Assigned To: Samba maintainers
Reported: 2022-02-18 16:12 CET by Christina Scheinig
Modified: 2022-02-18 17:47 CET
What kind of report is it?: Bug Report
School Customer affected?: Yes
Ticket number: 2021121521000433


Description Christina Scheinig univentionstaff 2022-02-18 16:12:12 CET
When adding a new GPO, the policy is shown in the filesystem like this:

drwxrwx---+  4 root          Domain Admins   4096 2021-12-20 13:19 {41F02AC9-8E77-4152-9D25-B3C81A333EF1}

The idmapping prevents this from being shown in this way:

drwxrwx---+  4          5000 Domain Admins  4,0K Jan  6 16:24 {41F02AC9-8E77-4152-9D25-B3C81A333EF1}

------------------------
samba-tool ntacl get shows this:
        owner_sid                : *
            owner_sid                : S-1-5-21-2639353322-3808860264-4138808944-500
        group_sid                : *
            group_sid                : S-1-5-21-2639353322-3808860264-4138808944-512
------------------------
samba-tool ntacl get --as-sddl 
O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)

vs 

O:LAG:DAD:PAI(A;OICI;0x001d0156;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001d0156;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;ED)(A;OICI;0x001200a9;;;S-1-5-21-2639353322-3808860264-4138808944-17651)(A;OICI;0x001200a9;;;DA)(A;OICI;0x001200a9;;;AU)

---------------------
Maybe a side effect of
https://errata.software-univention.de/#/?erratum=4.4x1095

At the moment I have no output from the system diagnostic, but the GPO is applied.
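
Added example (not part of the original report, and not Univention or Samba code): a small Python parser that compares the two SDDL strings quoted above field by field. It assumes the layout seen in those strings (owner, group, one DACL containing only allow ACEs) and merges the allow masks per trustee and inheritance flags, so ACE order and split entries do not show up as differences.

```python
import re

# SDDL strings copied from the bug description, in page order.
FIRST = (
    "O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)"
    "(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)"
    "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)"
)
SECOND = (
    "O:LAG:DAD:PAI(A;OICI;0x001d0156;;;DA)(A;OICI;0x001f01ff;;;EA)"
    "(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001d0156;;;DA)"
    "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;ED)"
    "(A;OICI;0x001200a9;;;S-1-5-21-2639353322-3808860264-4138808944-17651)"
    "(A;OICI;0x001200a9;;;DA)(A;OICI;0x001200a9;;;AU)"
)

# Layout assumed from those strings: owner, group, then one DACL.
SDDL_RE = re.compile(
    r"^O:(?P<owner>.+?)G:(?P<group>.+?)D:(?P<flags>[A-Z]*)"
    r"(?P<aces>(?:\([^)]*\))*)$"
)


def parse_sddl(sddl):
    """Return owner, group, DACL flags and merged allow masks of an SDDL string."""
    m = SDDL_RE.match(sddl.strip())
    if m is None:
        raise ValueError("unsupported SDDL layout")
    allow = {}
    for ace in re.findall(r"\(([^)]*)\)", m["aces"]):
        ace_type, ace_flags, rights, _obj, _inh_obj, trustee = ace.split(";")
        if ace_type != "A":
            raise ValueError("only allow ACEs are handled: " + ace)
        # Allow ACEs for the same trustee and inheritance flags are OR-ed.
        key = (trustee, ace_flags)
        allow[key] = allow.get(key, 0) | int(rights, 16)
    return {"owner": m["owner"], "group": m["group"],
            "flags": m["flags"], "allow": allow}


def diff_sddl(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    pa, pb = parse_sddl(a), parse_sddl(b)
    out = {k: (pa[k], pb[k]) for k in ("owner", "group", "flags") if pa[k] != pb[k]}
    for key in sorted(set(pa["allow"]) | set(pb["allow"])):
        ma, mb = pa["allow"].get(key), pb["allow"].get(key)
        if ma != mb:
            out[key] = (ma, mb)
    return out
```

Calling `diff_sddl(FIRST, SECOND)` reports only two differences: the owner (DA vs LA) and the additional 0x001200a9 ACE for the SID ending in -17651. The separate 0x001d0156 and 0x001200a9 entries for DA in the second string combine to the same 0x001f01ff mask that DA has in the first.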
Comment 1 Florian Best univentionstaff 2022-02-18 17:00:36 CET
(In reply to Christina Scheinig from comment #0)
> Maybe a side effect of
> https://errata.software-univention.de/#/?erratum=4.4x1095
Bug #54014