TIM router and USB device permissions (Samba)
Solution 1:
An explanation for these SIDs is found in the notes Samba 3 User and Group Changes :
Unmapped users are now assigned a SID in the S-1-22-1 domain and unmapped groups are assigned a SID in the S-1-22-2 domain.
The problem you are experiencing is then explained:
An example helps to illustrate the change:
Assume that a group named developers exists with a UNIX GID of 782. In this case this group does not exist in Samba's group mapping table. It would be perfectly normal for this group to be appear in an ACL editor. Prior to Samba-3.0.23, the group SID might appear as
S-1-5-21-647511796-4126122067-3123570092-2565
.With the release of Samba-3.0.23, the group SID would be reported as
S-1-22-2-782
. Any security descriptors associated with files stored on a Windows NTFS disk partition will not allow access based on the group permissions if the user was not a member of theS-1-5-21-647511796-4126122067-3123570092-2565
group. Because this group SID isS-1-22-2-782
and not reported in a user's token,
Windows would fail the authorization check even though both SIDs in some respect refer to the same UNIX group.
The solution that is proposed is as follows:
The workaround for versions of Samba prior to 3.0.23, is to create a manual domain group mapping entry for the group developers to point at the
S-1-5-21-647511796-4126122067-3123570092-2565
SID.
With the release of Samba-3.0.23 this workaround is no longer needed.
Therefore, your choices as I see them are :
- Gain SSH access to the router and modify the Samba tables so as to give the
SIDs from
S-1-22
the necessary "everyone" permissions. This will require good knowledge about the router's Linux and Samba versions, and a mistake is certainly possible. - Get in touch with the Support of your internet service provider. They might be able to guide you in making these changes, or would have a firmware update for upgrading Samba to a version later than 3.0.23, where the problem is said to no longer exist. Samba version 4.x should be even better.