[Samba] 3.0-alpha17 kills PDC SID

metzemix at gmx.de metzemix at gmx.de
Mon Mar 25 06:23:02 GMT 2002


This happens in 3.0-alpha17 too!!!

metze

#########
Hello,

just tried Samba 2.2.4pre (checkout 22.March 02, around 17:00 CET) 
from the cvs and could track down many problems we had here 
today to some error with the PDC SID (ok, I know, using cvs-code on
a production server is bad)

The CVS code seems to add the PDC SID from MACHINE.SID
to the secrets.tdb and after this deletes the file MACHINE.SID.
During this procedure the 'right' SID gets lost. One can see
this during login of a Windows 2000 client into a Samba 2.2.4-pre
managed domain: the profile download stops with 'access denied' and
the login-script does not run.
Doing echo %LOGONSERVER% from the Windows command shell 
gives the name of the client machine, not the PDC.

After deleting the locally cached profiles and setting nt acl support = no
in the smb.conf for the profile share the login works and the profile
downloads - but still no logon-script.

Did an installation of 2.2.4-pre/cvs on another Server, created another
domain, and rejoined one client to this new domain - this works
perfect, so it seems that only the SID-transfer ist broken.

I reinstalled 2.2.3a from the source-tar archive and restored the
MACHINE.SID
from the backup. After this login, profile dowload and login-scripts
work. echo %LOGONSERVER% gives the netbios-name of the
Samba-Server - but now I lost the CVS improvements of the printing-subsystem

and the MS-Database locking.

Since it will be quite a lot of work to rejoin all clients to a Samba
2.2.4-release
controlled domain, someone should fix this issue before release.
- I'm willing to test the cvs-code - just drop me a mail if something
changed.

BTW: compiling the cvs code with smbmount gives a compiler error
during compilation of smbmount.c.

Greetings,
Martin

---
Martin THOMAS
University of Kaiserslautern, Institute of Environmental Engineering,
Kaiserslautern (ZIP 67663), Germany


-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net





More information about the samba-technical mailing list