after an upgrade from 4.1.6 to 4.2.0rc4 with security = ADS "force user" did not work anymore

Davor Vusir davortvusir at gmail.com
Fri Jan 30 23:27:51 MST 2015 

"Dr. Hansjörg Maurer" skrev den 2015-01-29 23:00:
>> OK, just had a thought, try changing 'force user = maurerh' to 'force
>> user = XXX\maurerh', where 'XXX' is your domain/workgroup name
>>
>> Rowland
>>
> Hi
>
> tried it already, but not with the patch form Andrew...
> Therefore I tried it with this patch, but ist still does not work
>
> The user who posted https://bugzilla.samba.org/show_bug.cgi?id=11044 ,
> has a log messages like
>
> ../source3/auth/server_info.c:628(passwd_to_SamInfo3)
>    The primary group domain sid(S-1-5-21-1497163937-2947169817-3520470860-513) does not match the domain sid(S-1-22-1) for mtester(S-1-22-1-521)
>
>
> Without the patch our logs show somthing similar
>
> [2015/01/28 15:22:55.911105,  1] ../source3/auth/server_info.c:628(passwd_to_SamInfo3)
>        The primary group domain sid(S-1-5-21-1156737867-681972312-1097073633-131379) does not match the domain sid(S-1-22-1) for maurerh(S-1-22-1-7740)
>
>
> With the patch our log say
>
> [2015/01/29 22:47:39.669288,  1]
> ../source3/auth/server_info.c:396(SamInfo3_handle_sids)
>    The primary group domain
> sid(S-1-5-21-1156737867-681972312-1097073633-131379) does not match the
> domain sid(S-1-5-21-996664766-3924031551-1934014251) for
> maurerh(S-1-22-1-7740)
>
> What is the SID S-1-5-21-996664766-3924031551-1934014251 about

Hello Hansjörg!

The SID is probably the servers SID. Below you got a listing from 
running wbinfo on my fileserver 'ostraaros'.
To me it looks like the code is getting the domains SID where the user 
account resides and then trying to match it to the server (domain) SID.

admin at ostraaros:~$ wbinfo -D EXAMPLE
Name              : EXAMPLE
Alt_Name          : internal.example.se
SID               : S-1-5-21-3764816001-1961040586-2408178444
Active Directory  : Yes
Native            : Yes
Primary           : Yes
admind at ostraaros:~$ wbinfo -n davor
S-1-5-21-3764816001-1961040586-2408178444-1105 SID_USER (1)
admin at ostraaros:~$ wbinfo -D OSTRAAROS
Name              : OSTRAAROS
Alt_Name          :
SID               : S-1-5-21-4190857068-4168617998-2793135748
Active Directory  : No
Native            : No
Primary           : No
admind at ostraaros:~$

Regards
Davor

>
> Regrads
>
> Hansjörg
>
>
>
>
>
> ----------------------------
> Unser System ist mit einem Mailverschluesselungs-Gateway ausgestattet. Wenn Sie moechten, dass an Sie gerichtete E-Mails verschluesselt werden, senden Sie einfach eine S/MIME-signierte E-Mail oder Ihren PGP Public Key an hansjoerg.maurer at itsd.de.
>
> Our system is equipped with an email encryption gateway. If you want email sent to you to be encrypted please send a S/MIME signed email or your PGP public key to hansjoerg.maurer at itsd.de.
>

More information about the samba-technical mailing list