PDC Functions

Mike Miller temp6453 at hotmail.com
Fri Aug 8 16:50:38 GMT 2003


Well, I am just trying to get the username mapping from SFU to work properly.
If I have a local user (i.e., Administrator) to the machine, and create a
mapping of any sort for it, no issues.  Maps perfectly.  If I try and do it
with a domain user, it shows up in the list, I can even make an advanced
mapping... however it will always create files as nobody if the user I'm
trying to map with is in the domain.

Any way to emulate the functions of this said DLL in Samba?
-Mike


>From: "Anderson, Brandie" <brandie.anderson at ttu.edu>
>To: "Mike Miller" <temp6453 at hotmail.com>
>CC: <samba-technical at lists.samba.org>
>Subject: RE: PDC Functions
>Date: Fri, 8 Aug 2003 10:12:35 -0500
>
>Mike,
>I can tell you from extensive testing of SFU (and this is difficult to
>say - I bleed blue) that the only product MS ever released that was as
>bad as this was Windows ME. Religion aside, SFU doesn't want Samba to be
>the PDC, their whole premise of SFU is migration not coexistence. This
>is why they cannot help you if you do not meet their flowchart product
>implementation. As for the NFS subauthorization piece - nfssa.dll must
>be installed on every MS domain controller PDC or BDC regardless of the
>full SFU presence or user authentication/access WILL fail on the MS
>side. What exactly are you trying to do with the SIDs? I may have
>missed that part. Authentication - NFS access control???
>Just as a side note the SFU beta 3.5 is out to test - I am currently
>beating it up at the same time as Samba 3 beta 3.
>
>Brandie Anderson, MCSE, CNA
>Security Manager
>Texas Tech University
>brandie.anderson at ttu.edu
>
>
>-----Original Message-----
>From: Mike Miller [mailto:temp6453 at hotmail.com]
>Sent: Friday, August 08, 2003 9:41 AM
>To: jerry at samba.org
>Cc: samba-technical at lists.samba.org
>Subject: Re: PDC Functions
>
>What I'm attempting to do is get services for unix working on a win2k box,
>running off of a samba PDC.  I am having great difficulty doing so.  I have
>added a trust relationship and added the 2k server into the domain.  I then
>try and change ownership to anyone in the domain without luck.  It always
>gives me that the Sid Lookup Failed.  Microsoft said the following and
>basically told me to use an NT/2k PDC.  I completely trust the machine in
>every way, so I'm not too worried about security of the machine, however I
>want it to work on these RPC calls to get the SIDs.  For some reason, it
>doesn't seem to be giving me any SIDs.  Any ideas?
>
>--- START M$ ANSWER ---
>No. The NFS server running on your file server will need the mapped domain
>user's SID in order to impersonate him while accessing files. The DC will
>not give out that SID unless the NFS subauthentication DLL (aka Server for
>NFS Authentication) is installed on it.
>
>In other words, you will have to migrate the DC first, and install Server
>for NFS Auth on it if you need to use mapped domain users...Further, the DC
>should be running pre-Win2k compat mode if the mapping server (running as
>local service on a member server) is to be able to get the list of users.
>--- END M$ ANSWER ---
>
>-Mike
>
> >From: "Gerald (Jerry) Carter" <jerry at samba.org>
> >To: Mike Miller <temp6453 at hotmail.com>
> >CC: samba-technical at lists.samba.org
> >Subject: Re: PDC Functions
> >Date: Thu, 7 Aug 2003 23:32:02 -0500 (CDT)
> >
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >On Fri, 8 Aug 2003, Mike Miller wrote:
> >
 > > > Hi,
 > > >   I am trying to set up Samba as a PDC on our network and having some
 > > > difficulty.  I established a trusted machine account and added it to the
 > > > domain.  Samba will however not release the SIDs needed by our servers
 > > > working off of it.  I get the following message when trying to do a gpresult
 > > > [microsoft resource kit]
 > > >
 > > > LookupAccountSid failed with 1789
 > >
 > >from winerror.h:
 > >
 > >#define ERROR_TRUSTED_RELATIONSHIP_FAILURE 1789L
 > >
 > >Something's messed up on the client's account it appears.
 > >
 > > > I did a grep through samba 2.2.8b and samba 3.0.0b3 sources and couldn't
 > > > even pull up that 'AccountSid' command.  Is this not supported at all?  Will
 > > > I be forced to enter the depths of Windows as a PDC?
 > >
 > >It is supported in 2.2 and 3.0
 > >
 > > > It doesn't seem too complicated to release the SIDs to trusted machines
 > > > [such as the one which does our user map services]... isn't that what I'm
 > > > trying to do here?
> >
> >
> >
> >cheers, jerry
> >
> >
 > >----------------------------------------------------------------------
 > >  Hewlett-Packard            ------------------------- http://www.hp.com
 > >  SAMBA Team                 ---------------------- http://www.samba.org
 > >  GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 > >  "You can never go home again, Oatman, but I guess you can shop there."
 > >                             --John Cusack - "Grosse Point Blank" (1997)
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.2.1 (GNU/Linux)
> >Comment: For info see http://quantumlab.net/pine_privacy_guard/
> >
> >iD8DBQE/MyfFIR7qMdg1EfYRAuTnAJ40qBInHRA6FGyC5yFOUP9Q60ayZgCeLm7x
> >IfQYEcvK6zdjWnQ2GmuVeMY=
> >=XoWt
> >-----END PGP SIGNATURE-----
> >




More information about the samba-technical mailing list