Samba-3.3.4 Challenges

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon May 4 11:31:51 GMT 2009

On Mon, May 04, 2009 at 07:18:18AM -0400, Scott Lovenberg wrote:
> >>I can confirm this from a few weeks ago.  I did just about
> >>the test that you described with sernet RPMs on centos 5.3
> >>proper.  Both 32 and 64 bit. My user SIDS remained, but
> >>groups were lost.  Domain members passed a testjoin and
> >>    
> >
> >What do you exactly mean by "groups were lost"?
> >
> >Volker
> >  
> The group SIDs remained (in a TDB), but the RID was no longer mapped to 
> a gid.  The TDBs weren't corrupted and were readable via tdbtool(8).  
> Domain member servers using winbind showed the correct SIDs, but could 
> not resolve them to their NT names (ie., Windows showed xxx-xxx-xxx-512 
> for Domain Admins group).
> I ended up using the opportunity to switch over to the RID backend (as I 
> had wanted to do anyways), so I never really probed too far.  Did you 
> see this behavior at all?

This very likely means that you lost your SID in the
secrets.tdb. Did you do a "net setlocalsid" after you
deleted the secrets.tdb (as indicated in John's first mail)?

BTW, deleting the secrets.tdb is something that you should
be ver careful about, and you should make very, very sure
that you put all required information back before starting
Samba again.

If you willfully destroy the registry on a Windows box, it
will be equally unhappy.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list