New approach to "valid users" fix
Gerald (Jerry) Carter
jerry at samba.org
Fri Aug 11 21:35:01 GMT 2006
Volker Lendecke wrote:
> On Fri, Aug 11, 2006 at 02:01:38PM -0500, Gerald (Jerry) Carter wrote:
>> NT user token of user S-1-5-21-2547222302-1596225915-2414751004-2560
>> contains 13 SIDs
>> SID[ 0]: S-1-5-21-2547222302-1596225915-2414751004-2560
>> SID[ 1]: S-1-22-2-100
>
> Isn't that going to kill a PDC the same way Jeremy's patch
> did lately? The primary group SID (the first one in the
> list) MUST be in the user's domain.

I tested connecting to a member server joined to an
LDAP based PDC for a user with an unmapped primary
group. This was the server that failed before.

    $ id lizard
    uid=1004(lizard) gid=100(users) groups=100(users),1042(printops),1045(prtadmin)

The token looks like:

    NT user token of user S-1-5-21-2547222302-1596225915-2414751004-3008
    contains 4 SIDs
    SID[ 0]: S-1-5-21-2547222302-1596225915-2414751004-3008
    SID[ 1]: S-1-1-0
    SID[ 2]: S-1-5-2
    SID[ 3]: S-1-5-11

usrmgr.exe reports Domain Users as the primary group.
The relevant portion of the NetSamlogon reply is

    0064 logon_count   : 0000
    0066 bad_pw_count  : 0000
    0068 user_rid      : 00000bc0
    006c group_rid     : 00000201
    0070 num_groups    : 00000000
    0074 buffer_groups : 00000001
    0078 user_flgs     : 00000020

I think we are ok. But if someone has an smbpasswd based PDC
and would like to confirm my results, that would be great.

cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
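
The check discussed in this message, as an added example (not part of the original post and not Samba code): it decodes user_rid and group_rid from the quoted NetSamlogon dump, builds the SIDs, and tests whether the primary group SID is in the user's domain. It assumes the domain SID is the user SID without its final RID; the function names are hypothetical.

```python
import re

# Values constructed from the dumps quoted in the message above.
DOMAIN_SID = "S-1-5-21-2547222302-1596225915-2414751004"
UNIX_GROUPS_PREFIX = "S-1-22-2"  # Samba's synthetic domain for unmapped Unix gids

REPLY_DUMP = """\
0068 user_rid : 00000bc0
006c group_rid : 00000201
0070 num_groups : 00000000
"""

def parse_dump(text):
    """Return {field: int} from 'offset name : hexvalue' lines."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*[0-9a-fA-F]{4}\s+(\w+)\s*:\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            fields[m.group(1)] = int(m.group(2), 16)
    return fields

def sid_domain(sid):
    """Domain part of a SID: everything before the final RID."""
    return sid.rsplit("-", 1)[0]

def sids_from_reply(domain_sid, dump):
    """Build (user SID, primary group SID) from the RIDs in the reply."""
    f = parse_dump(dump)
    return (f"{domain_sid}-{f['user_rid']}", f"{domain_sid}-{f['group_rid']}")

def primary_group_check(user_sid, group_sid):
    """Classify a primary group SID relative to the user's domain."""
    if sid_domain(group_sid) == sid_domain(user_sid):
        return "in-domain"
    if sid_domain(group_sid) == UNIX_GROUPS_PREFIX:
        return "unix-group"
    return "foreign"

if __name__ == "__main__":
    user, group = sids_from_reply(DOMAIN_SID, REPLY_DUMP)
    # Primary group from the NetSamlogon reply (RID 0x201 = 513, Domain Users)
    print(user, group, primary_group_check(user, group))
    # The first two SIDs of the earlier quoted token, for comparison
    print(primary_group_check(DOMAIN_SID + "-2560", "S-1-22-2-100"))
```
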