[Samba] pdbedit not working as documented
John McLoskey
johnmcloskey at bellsouth.net
Tue Aug 9 08:02:31 GMT 2005
Am I building user_sid internally every time?
We seem to ignore -U argument to pdbedit.
At line 475 of samba-3.0.14a/source/utils/pdbedit.c;
if (user_sid) {
DOM_SID u_sid;
if (!string_to_sid(&u_sid, user_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int u_rid;
if (sscanf(user_sid, "%d", &u_rid) != 1) {
fprintf(stderr, "Error passed string is not
a complete user SID or RID!\n");
return -1;
}
sid_copy(&u_sid, get_global_sam_sid());
sid_append_rid(&u_sid, u_rid);
}
pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
}
if (group_sid) {
DOM_SID g_sid;
if (!string_to_sid(&g_sid, group_sid)) {
/* not a complete sid, may be a RID, try building a
SID */
int g_rid;
if (sscanf(group_sid, "%d", &g_rid) != 1) {
fprintf(stderr, "Error passed string is not
a complete group SID or RID!\n");
return -1;
}
sid_copy(&g_sid, get_global_sam_sid());
sid_append_rid(&g_sid, g_rid);
}
pdb_set_group_sid (sam_pwent, &g_sid, PDB_CHANGED);
}
-----Original Message-----
From: samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org
[mailto:samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org] On Behalf
Of John McLoskey
Sent: Tuesday, August 09, 2005 12:46 AM
To: samba at lists.samba.org
Subject: RE: [Samba] pdbedit not working as documented
Modifying account has same behavior;
smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010
Unix username: test1
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1375268081-527015025-691025275-3008
Primary Group SID: S-1-5-21-1375268081-527015025-691025275-3009
Full Name: User &
Home Directory: \\smbsvr\home\test1
HomeDir Drive: H:
Logon Script:
Profile Path: \\smbsvr\home\test1\profile
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC
Password last set: Tue, 09 Aug 2005 04:53:13 UTC
Password can change: Tue, 09 Aug 2005 04:53:13 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-----Original Message-----
From: samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org
[mailto:samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org] On Behalf
Of John McLoskey
Sent: Monday, August 08, 2005 11:55 PM
To: samba at lists.samba.org
Subject: [Samba] pdbedit not working as documented
I have am hitting a wall with pdbedit, as shown below.
Any workarounds would be greatly appreciated.
I am encountering the inability to change any users (profile) SID on Samba
3.x for Linux and BSD, which causes the accounts to no longer recognize
their local Samba 2 profiles once they join Samba 3 domain. If I add a new
user and pdbedit -a user -U SID it ignores the -U.
The old profiles appear on the Windows clients as "unknown profile".
The problem is that the profiles are inaccessible.
If I man pdbedit, it clearly states the ability to;
smbsvr# man pdbedit
...
-G SID|rid
This option can be used while adding or modifying a user
ac-
count. It will specify the users' new primary group SID
(Securi-
ty Identifier) or rid.
Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201
-U SID|rid
This option can be used while adding or modifying a user
ac-
count. It will specify the users' new SID (Security
Identifier)
or rid.
Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004
Last login: Mon Aug 8 22:00:37 2005 from 192.168.1.101
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.4-RELEASE (GENERIC) #0: Sun May 8 10:21:06 UTC 2005
smbsvr# pdbedit -V
Version 3.0.12
smbsvr# pdbedit -r Administrator
Unix username: Administrator
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1375268081-527015025-691025275-3006
Primary Group SID: S-1-5-21-1375268081-527015025-691025275-3007
Full Name: User &
Home Directory: \\smbsvr\home\Administrator
HomeDir Drive: H:
Logon Script:
Profile Path: \\smbsvr\home\Administrator\profile
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC
Password last set: Mon, 08 Aug 2005 21:39:22 UTC
Password can change: Mon, 08 Aug 2005 21:39:22 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
smbsvr# pdbedit -u Administrator -U
S-1-5-21-1375268081-527015025-691025275-3007
Administrator:1003:User &
smbsvr# pdbedit -r Administrator
Unix username: Administrator
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1375268081-527015025-691025275-3006
Primary Group SID: S-1-5-21-1375268081-527015025-691025275-3007
Full Name: User &
Home Directory: \\smbsvr\home\Administrator
HomeDir Drive: H:
Logon Script:
Profile Path: \\smbsvr\home\Administrator\profile
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC
Password last set: Mon, 08 Aug 2005 21:39:22 UTC
Password can change: Mon, 08 Aug 2005 21:39:22 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
smbsvr# adduser
Username: test1
Full name:
Uid (Leave empty for default):
Login group [test1]:
Login group is test1. Invite test1 into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]:
Home directory [/home/test1]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : test1
Password : *****
Full Name :
Uid : 1004
Class :
Groups : test1
Home : /home/test1
Shell : /bin/sh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (test1) to the user database.
Add another user? (yes/no): no
Goodbye!
smbsvr#
smbsvr#
smbsvr# pdbedit -a test1 -U S-1-5-21-1375268081-527015025-691025275-5000
new password:
retype new password:
Unix username: test1
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1375268081-527015025-691025275-3008
Primary Group SID: S-1-5-21-1375268081-527015025-691025275-3009
Full Name: User &
Home Directory: \\smbsvr\home\pdigm\test1
HomeDir Drive: H:
Logon Script:
Profile Path: \\smbsvr\home\pdigm\test1\profile
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 21:14:07 UTC
Kickoff time: Mon, 18 Jan 2038 21:14:07 UTC
Password last set: Tue, 09 Aug 2005 04:53:13 UTC
Password can change: Tue, 09 Aug 2005 04:53:13 UTC
Password must change: Mon, 18 Jan 2038 21:14:07 UTC
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
smbsvr# wtf
wtf: Command not found.
smbsvr#
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list