Mixed profiles w/Samba-PDC

Jean-Francois Micouleau Jean-Francois.Micouleau at utc.fr
Tue May 26 16:51:14 GMT 1998 

On Wed, 27 May 1998, Pierre-Jules Tremblay wrote:

> Okay, I figured out the problem (I think).  I believe the way Samba
> handles domain admin users is causing this (or maybe my understanding is).
> 
> It turns out in my example that both users were listed in the "domain
> admin users" keyword.  I discovered that the profile list in the
> registry was being set wrong (see
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\ProfileList).  The key for both users A and B ended
> up being the same, i.e. S-1-5-21-123-456-789-123-500.  Now, 500 is the
> uid of user A on the samba server, but I also noticed that the last
> three digits of the local Administrator account are 500, is this a
> coincidence?

nope. it's how samba manage rid.

Special remark to Luke: it's not the good way to handle it !
I'm sure it's wrong to force the rid in passdb.c, we should force the
unknown_5 value. Somewhere in ipc.c I saw the same code with comments
coming from cifs 6 doc.

> Anyway, I simply removed user B from the domain admin users list and
> now the problem if fixed, i.e.  the registry key name for user B is
> now S-1-5-21-123-456-789-123-1514 (where 514 is the Unix uid of user
> B; what does the 1 stand for?).  Therefore, the two users get their
> own registry values for local profile path, etc., as they should. 

The 1 is the posix offset, rid=uid+1000 for normal users

> I just wonder how come *all* users listed in the "domain admin users"
> are mapped to the same domain id, i.e. S-1-5-21-123-456-789-123-500
> and therefore all ending up with the same local profile location.  Is
> this the only way to "fool" NT into thinking this user is a domain
> admin?

As I said above, it's how it's done in samba right now. It's not how NT
does it, and I hope it will change.

	Jean Francois

-----------------------------------------------------------
Pinky: "What are we going to do tonight, Brain?"
Brain: "The same thing we do every night, Pinky :
	try to install Windows NT !"
-----------------------------------------------------------

More information about the samba-ntdom mailing list