Well, I was finally able to browse my home directory, but unable to make any changes to the permissions nor files. In the samba log appeared
[2003/11/13 12:05:10, 3] smbd/error.c:error_packet(113) error packet at smbd/nttrans.c(1707) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED when trying to make changes. At level unix I have all the appropriate rights in the share. Also other shares both on ACl and non ACl, even with force user = root, refused any modification to the contents. So I played a bit with the by Adrew Bartlett UID and GID's, since I figured I messed something up while trying (desperately and therefore not always with a causal approach) to fix things. Removed and added user bart (unix uid/ldap uidnumber=1007, Samba SID = domainSID and after - 3014, unix primary group id/ldap gidnumber=513, sambaprimarygroupsid = domainSID and after the - 2027) and now if I look at the acl permissions from my windows box I see as owner /linux/sys instead of Bart, which is what I get if I use sambaSID = 1007 (=unix uid) for a share, but my home (bart) folder dissappeared from the browser, and the homes share is inaccessable. >From the samba log this cought my attention: --- [2003/11/13 13:57:28, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user []\[] from workstation [BART-WS] [2003/11/13 13:57:28, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for () [2003/11/13 13:57:28, 5] auth/auth_util.c:make_user_info(142) making strings for 's user_info struct [2003/11/13 13:57:28, 5] auth/auth_util.c:make_user_info(184) making blobs for 's user_info struct [2003/11/13 13:57:28, 3] auth/auth.c:check_ntlm_password(216) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2003/11/13 13:57:28, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2003/11/13 13:57:28, 5] lib/util.c:dump_data(1825) [000] 0F 78 DD 51 6C B2 79 8D .x�Ql�y. [2003/11/13 13:57:28, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/11/13 13:57:28, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/11/13 13:57:28, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/11/13 13:57:28, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/11/13 13:57:28, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/11/13 13:57:28, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(sambaSID=S-1-5-21-66398397-639006455-1170665433-501)(objectclass=sambaSamAccount))] [2003/11/13 13:57:28, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1099) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-66398397-639006455-1170665433-501] count=0 [2003/11/13 13:57:28, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/11/13 13:57:28, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/11/13 13:57:28, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/11/13 13:57:28, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/11/13 13:57:28, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/11/13 13:57:28, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/11/13 13:57:28, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/11/13 13:57:28, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 65534 Primary group is 65533 and contains 3 supplementary groups Group[ 0]: 65533 Group[ 1]: 65533 Group[ 2]: 65534 [2003/11/13 13:57:28, 3] smbd/sec_ctx.c:push_sec_ctx(256) -- and: --- [2003/11/13 13:57:28, 5] auth/auth_util.c:debug_nt_user_token(491) NT user token of user S-1-5-21-66398397-639006455-1170665433-501 contains 7 SIDs SID[ 0]: S-1-5-21-66398397-639006455-1170665433-501 SID[ 1]: S-1-5-21-66398397-639006455-1170665433-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-5-21-66398397-639006455-1170665433-132067 SID[ 6]: S-1-5-21-66398397-639006455-1170665433-132069 [2003/11/13 13:57:28, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 65534 Primary group is 65533 and contains 3 supplementary groups Group[ 0]: 65533 Group[ 1]: 65533 Group[ 2]: 65534 --- Nowhere I have specified nor a user neither a group 501. Where can I find more information about how I have to populate these ldap records? Bart. On Thu, 2003-11-13 at 01:16, Andrew Bartlett wrote: > On Thu, 2003-11-13 at 03:11, Carl Weiss wrote: > > Ok if all your users have the same SID xxx-3000 they are not incrementing > > correctly in the add user script. I had this same problem when I wasn't > > correctly authenticating to the LDAP server I was in fact using the > > /etc/passwd file, and then using the same test user accounts that I had on > > the box, i.e. cweiss in ldap and cweiss in /etc/passwd. > > > > To further test change all your SID's manually with an graphical editor like > > GQ. I'm guessing you don't have too many because it's a test install. Also > > make sure to change the SID's of any computers you added. > > > > When I initially found this problem I created a new function in the adduser > > script to find the highest UID and increment by one. The user sid is > > calculated by UID+RID*2 > > UID*2 + 1000 > > GID*2 + 1001 > > is the traditional algorithm. Use it if possible. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
