Univention Bugzilla – Bug 39804
Windows Client join: Samba objectSid not synchronized to OpenLDAP
Last modified: 2016-11-02 13:51:51 CET
After the situation of Bug #39802 I found it to be another case where the Windows Client objectSid was not synchronized to OpenLDAP: dn: cn=WIN7PRO,cn=computers,dc=ar41s4pt1,dc=qa uidNumber: 2008 sambaSID: S-1-4-2008 In Samba we have: dn: CN=WIN7PRO,CN=Computers,DC=ar41s4pt1,DC=qa objectSid: S-1-5-21-3323138872-3195841188-3338175544-1111 This is will cause problems with idmap and file access for that client when somebody puts the windows client into some file ACL on a samba share or if GPO security filtering is used directly for that Windows Client. In the GPO case it would generate GPO evaluation issues for that client. All logs from the server are attached to Bug #39802.
Created attachment 7253 [details] win7pro_openldap.ldif
Created attachment 7254 [details] win7pro_samba.ldif
Created attachment 7255 [details] win7pro_idmap.ldif
*** This bug has been marked as a duplicate of bug 36570 ***