after an upgrade from 4.1.6 to 4.2.0rc4 with security = ADS "force user" did not work anymore

"Dr. Hansjörg Maurer" hansjoerg.maurer at itsd.de
Sat Jan 31 04:58:57 MST 2015 

Am 31.01.2015 07:27, schrieb Davor Vusir:
>
> "Dr. Hansjörg Maurer" skrev den 2015-01-29 23:00:
>>> OK, just had a thought, try changing 'force user = maurerh' to 'force
>>> user = XXX\maurerh', where 'XXX' is your domain/workgroup name
>>>
>>> Rowland
>>>
>> Hi
>>
>> tried it already, but not with the patch form Andrew...
>> Therefore I tried it with this patch, but ist still does not work
>>
>> The user who posted https://bugzilla.samba.org/show_bug.cgi?id=11044 ,
>> has a log messages like
>>
>> ../source3/auth/server_info.c:628(passwd_to_SamInfo3)
>>    The primary group domain
>> sid(S-1-5-21-1497163937-2947169817-3520470860-513) does not match the
>> domain sid(S-1-22-1) for mtester(S-1-22-1-521)
>>
>>
>> Without the patch our logs show somthing similar
>>
>> [2015/01/28 15:22:55.911105,  1]
>> ../source3/auth/server_info.c:628(passwd_to_SamInfo3)
>>        The primary group domain
>> sid(S-1-5-21-1156737867-681972312-1097073633-131379) does not match
>> the domain sid(S-1-22-1) for maurerh(S-1-22-1-7740)
>>
>>
>> With the patch our log say
>>
>> [2015/01/29 22:47:39.669288,  1]
>> ../source3/auth/server_info.c:396(SamInfo3_handle_sids)
>>    The primary group domain
>> sid(S-1-5-21-1156737867-681972312-1097073633-131379) does not match the
>> domain sid(S-1-5-21-996664766-3924031551-1934014251) for
>> maurerh(S-1-22-1-7740)
>>
>> What is the SID S-1-5-21-996664766-3924031551-1934014251 about
>
> Hello Hansjörg!
>
> The SID is probably the servers SID. Below you got a listing from
> running wbinfo on my fileserver 'ostraaros'.
> To me it looks like the code is getting the domains SID where the user
> account resides and then trying to match it to the server (domain) SID.
>
> admin at ostraaros:~$ wbinfo -D EXAMPLE
> Name              : EXAMPLE
> Alt_Name          : internal.example.se
> SID               : S-1-5-21-3764816001-1961040586-2408178444
> Active Directory  : Yes
> Native            : Yes
> Primary           : Yes
> admind at ostraaros:~$ wbinfo -n davor
> S-1-5-21-3764816001-1961040586-2408178444-1105 SID_USER (1)
> admin at ostraaros:~$ wbinfo -D OSTRAAROS
> Name              : OSTRAAROS
> Alt_Name          :
> SID               : S-1-5-21-4190857068-4168617998-2793135748
> Active Directory  : No
> Native            : No
> Primary           : No
> admind at ostraaros:~$
>
> Regards
> Davor
>

Hi Davor

you are right, the SID it complains is the SID of the server

regards

Hansjörg



wbinfo -n maurerh
S-1-5-21-1156737867-681972312-1097073633-27527 SID_USER (1)

wbinfo -D FTPSERVER
Name              : FTPSERVER
Alt_Name          :
SID               : S-1-5-21-996664766-3924031551-1934014251
Active Directory  : No
Native            : No
Primary           : No


>>
>> Regrads
>>
>> Hansjörg
>>
>>
>>
>>
>>
>> ----------------------------
>> Unser System ist mit einem Mailverschluesselungs-Gateway
>> ausgestattet. Wenn Sie moechten, dass an Sie gerichtete E-Mails
>> verschluesselt werden, senden Sie einfach eine S/MIME-signierte
>> E-Mail oder Ihren PGP Public Key an hansjoerg.maurer at itsd.de.
>>
>> Our system is equipped with an email encryption gateway. If you want
>> email sent to you to be encrypted please send a S/MIME signed email
>> or your PGP public key to hansjoerg.maurer at itsd.de.
>>
>


-- 
Dr. Hansjörg Maurer
itsystems Deutschland AG
Erzgiessereistrasse 22
80335 München
Tel:   +49-89-52 04 68-41
Fax:   +49-89-52 04 68-59
E-Mail: hansjoerg.maurer at itsd.de
Web:    http://www.itsd.de


Amtsgericht München HRB 132146
USt-IdNr. DE 812991301
Steuer-Nr. 143/100/81575

Aufsichtsratsvorsitzender:
Stefan Adam
Vorstand:
Dr. Michael Krocka
Dr. Hansjörg Maurer


----------------------------
Unser System ist mit einem Mailverschluesselungs-Gateway ausgestattet. Wenn Sie moechten, dass an Sie gerichtete E-Mails verschluesselt werden, senden Sie einfach eine S/MIME-signierte E-Mail oder Ihren PGP Public Key an hansjoerg.maurer at itsd.de.

Our system is equipped with an email encryption gateway. If you want email sent to you to be encrypted please send a S/MIME signed email or your PGP public key to hansjoerg.maurer at itsd.de.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5906 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150131/29413502/attachment.bin>

More information about the samba-technical mailing list