bug 1315 related problems with 3.0.4 and patches

William Baker bbaker at priefert.com
Wed May 26 15:14:20 GMT 2004 

I hope I'm not too far off topic bringing this discussion to the 
internals list.

The machines have now been downgraded to 3.0.2a, though the 
configuration is the same.  All clients function with this version.

As far as I can tell, this is pretty much as it should be on the PDC:

[root at hardy root]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Office (S-1-5-21-3019329275-1252158644-2963285774-1203) -> office
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Accounting (S-1-5-21-3019329275-1252158644-2963285774-2023) -> acct
Domain Users (S-1-5-21-3019329275-1252158644-2963285774-513) -> users
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Cad (S-1-5-21-3019329275-1252158644-2963285774-2019) -> cad
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-3019329275-1252158644-2963285774-512) -> ntadmin
Domain Guests (S-1-5-21-3019329275-1252158644-2963285774-514) -> nobody
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

Although these results do not seem to be consistant with what another 
machine is telling me (primary file server, not PDC).  Note that the 
file server doesn't see all the domain groups found on the PDC.  In 
particular, Office, CAD and Accounting are missing from the groups:

[root at pacman nsswitch]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-2250189660-2026571293-610740313-512) -> -1
Domain Guests (S-1-5-21-2250189660-2026571293-610740313-514) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-2250189660-2026571293-610740313-513) -> -1

Both machines give the same information for net rpc info:

[root at pacman nsswitch]# net rpc info
Domain Name: PRIEFERT
Domain SID: S-1-5-21-3019329275-1252158644-2963285774
Sequence number: 1085583752
Num users: 118
Num domain groups: 6
Num local groups: 0

But it seems strange that only the PDC will enumerate the groups using 
net rpc:

[root at hardy root]# net rpc group list
Password:
Office
Accounting
Domain Users
Cad
Domain Admins
Domain Guests

[root at pacman nsswitch]# net rpc group list
Password:
[root at pacman nsswitch]#

I really expected that the file server would show the domain groups from 
the PDC.  I have to specify the PDC using --server to get the domain list.

bbaker


> I had a similar problem in a big installation.
> Some XP's were working fine, while others had a variable number of
> services crashing IF the network cable were attached at boot time and
> for the time XP needs to load al libraries/services under the login
> screen.
> 
> Turned out to be a bug in samba coupled with a misconfiguration.
> 
> I had a wrong configuration for group mapping of wellknown domain
> groups, basically I forgot to put some attributes in the ldap tree and
> some query failed unespectedly. This coupled with a problem in the samr
> pipe for group enumeration when no groups are found made some XP's go
> nuts.
> 
> I thought of a possible fix for this but it is not easy, and it only
> show up on wrong configurations afaik.
> 
> Hope this helps.
> Simo.
> 
> On Wed, 2004-05-26 at 15:02, William Baker wrote:
> 
>>(more info)
>>
>>The Workstation service on XP dies during bootup/login.  Logon works as 
>>a local admin, which can then be used to start the Workstation service. 
>>  Once the service is started (manually this time), the local user can 
>>log  out and domain users can log in successfully.  The event log has 
>>little information other than showing that indeed the Workstation 
>>service was started automatically and died by itself of natural causes.
>>
>>I may be putting together unrelated problems to come to the erroneous 
>>conclusion that it is related to bug 1315.
>>
>>This morning I tried 3.0.5pre1 with the same results, though the results 
>>could be tainted, as I had shares on a 3.0.4 box which was not the PDC. 
>>(It should not have been functioning as BDC either.
>>
>>I'm open to suggestions and knowledgable enough to code, patch, and run 
>>ethereal.  I'm not intimately familiar with Samba's inner workings.  I 
>>have several XP machines which exhibit the problem and I could put 
>>together a separate test network.
>>
>>bbaker

More information about the samba-technical mailing list