Mixed profiles w/Samba-PDC

Gerald Carter cartegw at Eng.Auburn.EDU
Wed May 27 18:07:42 GMT 1998

Gerald Carter wrote:
> Luke Kenneth Casson Leighton wrote:
> >
> > ah: the 1000 should actually be 0x10000...
> Uh-oh.  You do realize that if you change this in the code it will
> break all existing normal user profiles since the RID is embedded
> in the ntuser.dat file, right?  Welcome to the bleeding edge 
> everyone ;)

OK.  I just realized that the entire question about RID's stored 
in user profiles has really already been answered.  There would be
a problem with roaming profiles and the "domain admin users" 
parameters if the RID wasn't stored in the profile.

Here's a quick way ( which I just tested ) to verify that the RID
( actually I believe the entire SID ) in stored in the user profile.

- add an entry to smb.conf for "domain admin users = <username>.
  This username should have no previously established roaming profile
  located anywhere.
- Log in to the NT box, make some changes and the logout.  You can 
  use the registry to verify the user's account SID if you wish.  
  If you are in doubt that the changes stuck then log in again to 
  just see.
- Remove the "domain admin users" entry from smb.conf
- Log back in to the NT box.

After the last step, run the registry editor and notice that the account
SID is different ( normal users are unix uid + 1000 ).  Notice also that
you will have the default user profile.

Add the "domain admin users" entry back into smb.conf and "viola!", you
will have you profile back.

                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list