Problems authenticating with Win2k account that has sIDHistory set

[Ray Frush]

We observed the same problem and reported it to Samba-Technical in late April. 
We've also characterized the problem to discover that it has multiple failure
modes depending on how many Global Groups with SID History a user belongs to.

A short term workaround we're using is to lower the security mode to "server"
and set the "password Server" parameter to a stable, low use server.  Not ideal,
but it's working for a few hundred users here.

I've been working with the Samba Team to help get a solution released for the
SID History problem.  I'm hoping something is available soon.

Dave Mills wrote:
> 
> I am unable to authenticate with an account that has a sIDHistory migrated
> from the account on an NT4 domain and am unable to access any SAMBA servers.
> All SAMBA servers are running 2.0.7.  Users without the sIDHistory attribute
> do not have a problem authenticating; if I take a user that works and
> migrate a SID, then the user gets the errors below.  Has anyone seen this
> problem before?

-- 
Ray Frush               "Either you are part of the solution, 
T:970.288.6223               or part of the precipitate."
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
Agilent Technologies IT | Consumer and Site Services | Fort Collins Site