Bug with the SID lookup from win clients?

Aurélien Degrémont adegremont at idealx.com
Mon Dec 8 17:04:06 GMT 2003


Hi,

Trying to set up a Samba 3/LDAP/PDC configuration, I'm facing some 
strange behaviour of Windows clients.
I have been trying to add some permissions on the Windows client local 
file system (NTFS) using domain users and groups (domain managed by 
Samba). The Windows clients correctly add these permissions, but when I 
close and reopen the window, the SIDs are shown and they're not always 
replaced by the domain user or group name which owns the permissions. 
(The directories tested were on the C: root, the user desktop, and some 
other directories.) I tried this against different configurations, but 
the problem didn't appear each time:

NT4: This never works; it always displays "Unknown user"
Win2k Pro (5.1.2195) and Win2kPro + SP4: They are *sometimes* 
converted. Otherwise, the SID is displayed.
Win XP Pro: It works fine!

Someone else tried these tests and:
Win2k Server: no lookups
Win XP Pro: ok

I tried the same tests with an NT4 Server PDC, and no problems appeared.

Samba 3.0.1pre1 and Samba 3.0.1rc1 were tested. On Debian and Redhat. 
With TDBSAM and LDAPSAM. This behaviour always appeared. Samba was 
compiled with acl support, the libs acl and attr are installed.

Attached is one of the smb.conf files we used during the tests.
I could send you a level 10 log of smbd activity during a request, but 
it's really huge (~700 KB); I didn't find a "problem" on the server side.
I looked at the SMB traffic; I just found that Windows clients don't 
always request the SIDs they're displaying. Those which are requested 
(LSALookupSIDs) are correctly answered by Samba, in my opinion.

As it works fine with an NT PDC, I would consider this a bug, or a 
mistake in my configuration :)) (I would prefer the second choice, but I 
don't think so.)

I hope you have a solution for this important issue.

Thanks in advance

Aurélien Degrémont
-------------- next part --------------

[global]

	workgroup = SMBTEST

	security = user
	domain logons = yes 
	domain master = yes

	admin users = @"Domain Admins"

	log level = 4 rpc_srv:1 rpc_parse:1 rpc_server:1 passdb:1
	dos charset = iso8859-1 
	unix charset = iso8859-1
	display charset = iso8859-1

	passdb backend = tdbsam

	;-------------------
	add user script = useradd -m "%u"
	delete user script = userdel "%u"
	set primary group script = usermod -g "%g" "%u"
	add user to group script = adduser "%u" "%g"
	delete user from group script = deluser "%u" "%g"
	
	add group script = groupadd "%g"
	delete group script = groupdel "%g"
	
	add machine script = useradd -g machines -c "Machine" -d /dev/null -s /bin/false "%u"
	;------------------
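
Added example (not part of the original post, and not Samba code): a Python helper that decodes a binary SID as stored in an NTFS ACE and reports whether a SID left unresolved in the ACL editor belongs to the Samba domain, i.e. whether it is one the PDC should answer for in LSALookupSIDs. The domain SID and the raw SID below are constructed sample values, and the function names are hypothetical.

```python
import struct

# Constructed sample values, not taken from the original post.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_RAW = (bytes([1, 5]) + (5).to_bytes(6, "big") +
              struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1001))

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID into its S-1-... string form.

    Layout: revision (1 byte), sub-authority count (1 byte),
    identifier authority (6 bytes, big-endian), then `count`
    sub-authorities (4 bytes each, little-endian).
    """
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("bad SID revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def classify(sid: str, domain_sid: str = DOMAIN_SID):
    """Return (scope, rid) for a SID string shown unresolved by a client."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("not a SID string: %r" % sid)
    prefix, rid = sid.rsplit("-", 1)
    if prefix == domain_sid:
        return ("domain", int(rid))          # the PDC is authoritative for this one
    if prefix == "S-1-5-32":
        return ("builtin", int(rid))         # BUILTIN aliases, resolved locally
    if sid.startswith("S-1-5-21-"):
        return ("other-domain-or-local", int(rid))  # local SAM or another domain
    return ("well-known", None)

if __name__ == "__main__":
    sid = sid_from_bytes(SAMPLE_RAW)
    print(sid, classify(sid))
```

A SID classified as "domain" that still shows up unresolved is the case described in the post; the other classes are not resolved through the Samba PDC's account database.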

