Bug with the SID lookup from win clients ?
Aurélien Degrémont
adegremont at idealx.com
Mon Dec 8 17:04:06 GMT 2003
Hi,
Trying to set up a Samba 3/LDAP/PDC configuration I'm facing some
strange behaviour of Windows clients.
I have been trying to add some permissions on the Windows client local
file system (NTFS) using domain users and groups (domain managed by Samba).
The Windows clients correctly add these permissions, but when I close
and reopen the window, the SIDs are shown and they're not always
replaced by the domain user or group name which owns the permissions.
(The directories tested were on C: root, user desktop, and some other
directories). I tried this against different configurations, but the
problem didn't appear each time:
NT4: This never works, it always displays "Unknown user"
Win2k Pro (5.1.2195) and Win2k Pro + SP4: They are *sometimes*
converted. Otherwise, the SID is displayed.
Win XP Pro: It works fine!
Someone else tried these tests and:
Win2k Server: no lookups
Win XP Pro: ok
I tried the same tests with an NT4 Server PDC, and no problems appeared.
Samba 3.0.1pre1 and Samba 3.0.1rc1 were tested, on Debian and Redhat,
with TDBSAM and LDAPSAM. This behaviour always appeared. Samba was
compiled with acl support; the libs acl and attr are installed.
Attached is one of the smb.conf files we used during the tests.
I could send you a log level 10 of smbd activity during a request, but
it's really huge (~700 KB). I didn't find a "problem" on the server side.
I looked at the SMB traffic; I just found that Windows clients don't
always request the SIDs they're displaying. Those which are requested
(LSALookupSIDs) are correctly answered by Samba, in my opinion.
As it works fine with an NT PDC, I would consider this a bug, or a
mistake in my configuration :)) (I would prefer the second choice, but I
don't think so)
I hope you have a solution for this important issue.
Thanks in advance
Aurélien Degrémont
-------------- next part --------------
[global]
workgroup = SMBTEST
security = user
domain logons = yes
domain master = yes
admin users = @"Domain Admins"
log level = 4 rpc_srv:1 rpc_parse:1 rpc_server:1 passdb:1
dos charset = iso8859-1
unix charset = iso8859-1
display charset = iso8859-1
passdb backend = tdbsam
;-------------------
add user script = useradd -m "%u"
delete user script = userdel "%u"
set primary group script = usermod -g "%g" "%u"
add user to group script = adduser "%u" "%g"
delete user from group script = deluser "%u" "%g"
add group script = groupadd "%g"
delete group script = groupdel "%g"
add machine script = useradd -g machines -c "Machine" -d /dev/null -s /bin/false "%u"
;------------------