[Samba] pdbedit not working as documented

John McLoskey johnmcloskey at bellsouth.net
Tue Aug 9 08:02:31 GMT 2005


Am I building user_sid internally every time? 
We seem to ignore -U argument to pdbedit.
At line 475 of samba-3.0.14a/source/utils/pdbedit.c;

	if (user_sid) {
		DOM_SID u_sid;
		if (!string_to_sid(&u_sid, user_sid)) {
			/* not a complete sid, may be a RID, try building a
SID */
			int u_rid;
			
			if (sscanf(user_sid, "%d", &u_rid) != 1) {
				fprintf(stderr, "Error passed string is not
a complete user SID or RID!\n");
				return -1;
			}
			sid_copy(&u_sid, get_global_sam_sid());
			sid_append_rid(&u_sid, u_rid);
		}
		pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
	}
	if (group_sid) {
		DOM_SID g_sid;
		if (!string_to_sid(&g_sid, group_sid)) {
			/* not a complete sid, may be a RID, try building a
SID */
			int g_rid;
			
			if (sscanf(group_sid, "%d", &g_rid) != 1) {
				fprintf(stderr, "Error passed string is not
a complete group SID or RID!\n");
				return -1;
			}
			sid_copy(&g_sid, get_global_sam_sid());
			sid_append_rid(&g_sid, g_rid);
		}
		pdb_set_group_sid (sam_pwent, &g_sid, PDB_CHANGED);
	}

-----Original Message-----
From: samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org
[mailto:samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org] On Behalf
Of John McLoskey
Sent: Tuesday, August 09, 2005 12:46 AM
To: samba at lists.samba.org
Subject: RE: [Samba] pdbedit not working as documented

Modifying account has same behavior;

smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010
Unix username:        test1
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1375268081-527015025-691025275-3008
Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3009
Full Name:            User &
Home Directory:       \\smbsvr\home\test1
HomeDir Drive:        H:
Logon Script:
Profile Path:         \\smbsvr\home\test1\profile
Domain:               WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
Password last set:    Tue, 09 Aug 2005 04:53:13 UTC
Password can change:  Tue, 09 Aug 2005 04:53:13 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

-----Original Message-----
From: samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org
[mailto:samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org] On Behalf
Of John McLoskey
Sent: Monday, August 08, 2005 11:55 PM
To: samba at lists.samba.org
Subject: [Samba] pdbedit not working as documented

I have am hitting a wall with pdbedit, as shown below. 
Any workarounds would be greatly appreciated. 
I am encountering the inability to change any users (profile) SID on Samba
3.x for Linux and BSD, which causes the accounts to no longer recognize
their local Samba 2 profiles once they join Samba 3 domain. If I add a new
user and pdbedit -a user -U SID it ignores the -U.
The old profiles appear on the Windows clients as "unknown profile". 
The problem is that the profiles are inaccessible. 
If I man pdbedit, it clearly states the ability to;



 smbsvr# man pdbedit

...

      -G SID|rid
              This option can be used while adding or  modifying  a  user
ac-
              count. It will specify the users' new primary group SID
(Securi-
              ty Identifier) or rid.

              Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201


       -U SID|rid
              This option can be used while adding or  modifying  a  user
ac-
              count.  It will specify the users' new SID (Security
Identifier)
              or rid.

              Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004

Last login: Mon Aug  8 22:00:37 2005 from 192.168.1.101
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

FreeBSD 5.4-RELEASE (GENERIC) #0: Sun May  8 10:21:06 UTC 2005

smbsvr# pdbedit -V
Version 3.0.12
smbsvr# pdbedit -r Administrator
Unix username:        Administrator
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1375268081-527015025-691025275-3006
Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3007
Full Name:            User &
Home Directory:       \\smbsvr\home\Administrator
HomeDir Drive:        H:
Logon Script:
Profile Path:         \\smbsvr\home\Administrator\profile
Domain:               WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
Password last set:    Mon, 08 Aug 2005 21:39:22 UTC
Password can change:  Mon, 08 Aug 2005 21:39:22 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
smbsvr# pdbedit -u Administrator -U
S-1-5-21-1375268081-527015025-691025275-3007
Administrator:1003:User &
smbsvr# pdbedit -r Administrator
Unix username:        Administrator
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1375268081-527015025-691025275-3006
Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3007
Full Name:            User &
Home Directory:       \\smbsvr\home\Administrator
HomeDir Drive:        H:
Logon Script:
Profile Path:         \\smbsvr\home\Administrator\profile
Domain:               WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
Password last set:    Mon, 08 Aug 2005 21:39:22 UTC
Password can change:  Mon, 08 Aug 2005 21:39:22 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
smbsvr# adduser
Username: test1
Full name:
Uid (Leave empty for default):
Login group [test1]:
Login group is test1. Invite test1 into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]:
Home directory [/home/test1]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : test1
Password   : *****
Full Name  :
Uid        : 1004
Class      :
Groups     : test1
Home       : /home/test1
Shell      : /bin/sh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (test1) to the user database.
Add another user? (yes/no): no
Goodbye!
smbsvr#
smbsvr#
smbsvr# pdbedit -a test1 -U S-1-5-21-1375268081-527015025-691025275-5000
new password:
retype new password:
Unix username:        test1
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1375268081-527015025-691025275-3008
Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3009
Full Name:            User &
Home Directory:       \\smbsvr\home\pdigm\test1
HomeDir Drive:        H:
Logon Script:
Profile Path:         \\smbsvr\home\pdigm\test1\profile
Domain:               WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
Password last set:    Tue, 09 Aug 2005 04:53:13 UTC
Password can change:  Tue, 09 Aug 2005 04:53:13 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
smbsvr# wtf
wtf: Command not found.
smbsvr#

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



More information about the samba mailing list