More info:
In additon, samba logs indicate the problem with this message:
[2006/08/31 11:08:06, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797)
Returning domain sid for domain DUDESDOMAIN ->
S-1-5-21-744321777-3942209422-1033525612
That SID is not DUDESDOMAIN\dudeman SID. That SID must be created by samba
when it can't resolve the SID for the DUDESMAN domain. It is very odd that
it *says* it's getting that SID from the DUDESDOMAIN, but I assure you the
SID is not correct.
Thanks,
Alex
On Thu, 31 Aug 2006, Alexander Lazarevich wrote:
We run samba on at least two of our linux servers. Both smb.conf's are domain
members of an NT4 windows server, so all security information is gathered
from the NT4 domain controller. We have a problem on one of the samba servers
whereby samba is unable to recognize the account SID for a domain user. This
is a new problem, only on newer versions of samba.
The problem manifests itself on the windows clients as such:
- let's say our domain is DUDESDOMAIN
- let's say the username is dudeman
- thus, permissions on files used to be "dudeman (DUDESDOMAIN\dudeman)"
- but now, only on newer versions of samba, permissions are now showing up
as: "dudeman (Unix User\dudeman)", and the older permission object is
showing up as an "Account Unknown (SID#)"
I'm not sure there are any other symptoms of this problem, windows machines
work okay. However, just today we discovered that WinZip files complain about
bad permissions on all .zip files, and I'm wondering if this is another
symptom. Either way, samba should be able to resolve the SID the the
DUDESDOMAIN domain, like it used to just fine.
The older server is RHEL3-AS x86 running samba-3.0.9-1.3E.10 RPM from RedHat.
This server is working fine, the permissions are correct on all files as
"dudeman (DUDESDOMAIN\dudeman)".
The new server is RHEL4-AS x64 running a compiled samba-3.0.23a.
I have verified that the older samba server does NOT have this problem at
all. The newer samba server has the problem on all files.
Any ideas? I'm looking through the smb.conf to find the answer, thought it
might be related to the "windbind use default domain", but no matter what I
set that to, the behavior is the same.
Anyone else see this problem, know the solution?
Here is a snippit from our global smb.conf on the newer samba server, the
smb.conf on the older server is exactly the same, except for minor changes in
hostnames and such:
[global]
server string = Samba File Server
interfaces = xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
wins server = xxx.xxx.xxx.xxx
domain master = no
preferred master = no
netbios name = samba-hostname
announce version = 1.0
load printers = no
password level = 8
security = server
password server = IP-of-NT4-PDC
workgroup = DUDESDOMAIN
encrypt passwords = yes
large readwrite = no
hosts allow = xxx.xxx.xxx.xxx
log file = /var/log/samba/hostname-samba.log
log level = 2
max log size = 0
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
# idmap uid = 16777216-33554431
# idmap gid = 16777216-33554431
template shell = /bin/false
# winbind use default domain = no
testparm on smb.conf is fine:
[EMAIL PROTECTED] lib]# testparm
Load smb config files from /usr/local/encap/samba-3.0.23a/lib/smb.conf
Processing section "[homes]"
Processing section "[staff]"
Processing section "[users]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Like I said before, samba has worked fine until a recent upgrade, I'm not
sure when these permissions issues first started showing up though.
Thanks,
Alex
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba