2.0.2 SID problem?

Luke Kenneth Casson Leighton lkcl at switchboard.net
Fri Feb 19 15:53:32 GMT 1999

On Fri, 19 Feb 1999, Chad Campbell wrote:

> In trying to move from 2.0 to 2.0.2, we found that all of our user
> profiles were rendered useless.  Anyone that logged on to the domain had
> a new profile created.  This is due to the SID fix, right?  Now that the

yes.  sorry.  we were using strtol which only copes with signed longs, and
has an upper limit.  we grabbed the gnu source for strtoul

> SIDs have changed, NTUSER.DAT files with the old SIDs are useless.  Is
> there a workaround for this, or will we just have to start over with
> fresh profiles?

ok, you will need to know what the old sid was.  any sub-components above
0x7fffffff will need to be set to 0x7fffffff.  i'm not so sure that anyone
really wants to do this.

or... jeremy, did we fix this _prior_ to release?  is the real fix to do
with that stuff-up with 0x15 and 15 and 0x20 and 20 etc in S-1-5-21 i
think the fix, chad, may be to modify the .SID file to say S-1-5-0x15-...
instead of S-1-5-0x21-...

it's all very painful and i'm sorry about it, but what are you doing using
2.0 and/or 2.0.2 as a PDC?  (lord help us all with pre-alpha code,
microsoft is going to put that damn KB article advising people not to use
samba after all...)



More information about the samba-ntdom mailing list