Problem with SID-username lookup

Patrick Reid p.j.reid at earthling.net
Tue Oct 9 01:37:03 GMT 2001


There hasn't been any response to my question regarding username lookup by
Win2000 for setting permissions on PCs on my network.

Does no one have any suggestions? Is there some additional information I
could provide?

Patrick Reid

-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org] On Behalf Of Patrick Reid
Sent: October 4, 2001 7:59 AM
To: samba at lists.samba.org
Subject: RE: Problem with SID-username lookup


I have done some more experimenting. It appears that samba is causing some
sort of kernel panic problem which was happening with increasing frequency
since I started getting "Unable to lookup user names for display". (At least
when I turned off samba, my linux machine stopped having frequent kernel
panics).

I noted that the .tdb files in my /var/cache/samba directory were mostly
unreadable (that is to say only ntdrivers.tdb, share_info.tdb and
printing.tdb actually had any records according to tdbtool). So I removed
those files and started samba up again. I now have some of those files
having readable records. It remains to be seen whether kernel panics will
now happen again.

But I still have no ability to control access to files or folders based on
the list of domain users unless they have logged into the win2000 machine
with which I am trying to change access permissions. I note that this is
true even if the folder whose permissions I am trying to change is on
another windows 2000 machine. i.e. if I try to edit permissions on another
win2000 machine's folder which already has permissions set to a user who has
not logged in at the win2000 machine from which I am accessing the folder,
the security tab on my machine only shows the numeric id of the user, not
his/her username. And I can only add users to this list if they have been
logged into the local machine in the past.

Trying a lookupnames or lookupsids with rpcclient still returns S-0-0 (8)
and CANDESCO\ (8) instead of the real SID or user name.

Can anyone suggest anything?

Patrick

-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org] On Behalf Of Patrick Reid
Sent: October 3, 2001 11:01 AM
To: samba at lists.samba.org
Subject: Problem with SID-username lookup


I have samba-2.2.1a installed on a RH 7.1 box running as a PDC.

When I first set things up, I was able to control access to directories on a
Win2000 PC which was part of the domain based on the list of domain users
from the samba server. However, I recently changed a user name (a user got
married). I made an error in not deleting the old user from the smbpasswd
file before adding the new one. I soon realized my mistake and removed the
old line from the smbpasswd file, leaving only correct entries there.

But now, when I try to change permissions on a file or directory on a
Win2000 machine in the domain, I have a problem. I can get a list of the
domain users just fine (btw, is there a way to limit the list which shows up
to just users who are also samba users (i.e. have an entry in the smbpasswd
file)?). But when I select someone, one of two behaviours ensues.

1) if the user in question has been logged on to the local machine, they are
added without difficulty.
2) if the user has never logged on to the local machine, Windows returns an
error message: "Unable to lookup user names for display" and no one is added
to the list.

When this happened, there were some directories with permissions which had
been set up before the problem started. They listed the SID of the users
without their user names in the security tab. Once each user had logged in,
this problem disappeared.

Also, I note that as far as I recall, the list of users in the security tab
used to have the full names of the users. Now it is the unix username (I may
be mis-remembering).

In investigating this, I tried using rpcclient and the lookupsids and
lookupusers commands. Any SID for a user in my domain (called CANDESCO)
returns as follows:

S-1-5-21-2887495987-4264539752-2959987270-2000          CANDESCO\ (8)
S-1-5-21-2887495987-4264539752-2959987270-2040          CANDESCO\ (8)

Any user name returns as follows:

CANDESCO                S-0-0 (8)
CANDESCO\pjreid         S-0-0 (8)

So there appears to be some problem with this aspect of my samba install
now. lsaquery returns the correct SID for the CANDESCO domain.

The queryuser command returns the following for any valid rid:

        User Name   :
        Full Name   :
        Home Drive  :
        Dir Drive   :
        Profile Path:
        Logon Script:
        Description :
        Workstations:
        Unknown Str :
        Remote Dial :
        Logon Time               :      Wed, 31 Dec 1969 20:00:00 GMT
        Logoff Time              :      Wed, 31 Dec 1969 20:00:00 GMT
        Kickoff Time             :      Wed, 31 Dec 1969 20:00:00 GMT
        Password last set Time   :      Wed, 31 Dec 1969 20:00:00 GMT
        Password can change Time :      Wed, 31 Dec 1969 20:00:00 GMT
        Password must change Time:      Wed, 31 Dec 1969 20:00:00 GMT
        unknown_2[0..31]...
        user_rid :      0
        group_rid:      0
        acb_info :      0000
        unknown_3:      00000000
        logon_divs:     0
        unknown_5:      00000000
        padding1[0..7]...

I checked the MS knowledge base and found an article which suggested
installing SP2. This did not fix the problem.

How can I fix this?

Patrick Reid


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
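
Added example, not part of the original post: a small Python parser for the `lookupsids` output format quoted above, which splits each SID into domain SID and RID and flags entries the server could not resolve. The mapping of the number in parentheses to SID_NAME_USE values (8 = unknown) is supplied here, not stated in the post, and the third sample line is constructed in the same format to show a resolved entry.

```python
import re

# SID_NAME_USE values as defined by the Windows LSA protocol; rpcclient
# prints this number in parentheses after each result.
SID_NAME_USE = {1: "user", 2: "domain group", 3: "domain", 4: "alias",
                5: "well-known group", 6: "deleted account",
                7: "invalid", 8: "unknown"}

# One result line: SID, whitespace, DOMAIN\name (name may be empty), (type)
LINE = re.compile(r"^(S-\d+(?:-\d+)+)\s+(\S*?)\\(\S*)\s+\((\d+)\)$")

def parse_lookupsids(text):
    """Parse 'SID  DOMAIN\\name (type)' lines into dicts; skip other lines."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        sid, domain, name, use = m.group(1), m.group(2), m.group(3), int(m.group(4))
        parts = sid.split("-")
        rows.append({
            "sid": sid,
            "domain_sid": "-".join(parts[:-1]),  # all but the last sub-authority
            "rid": int(parts[-1]),               # relative ID of the account
            "domain": domain,
            "name": name,
            "use": SID_NAME_USE.get(use, "unrecognised (%d)" % use),
            # An empty name or type 7/8 means the ACL entry cannot be attributed.
            "resolved": bool(name) and use not in (7, 8),
        })
    return rows

def unresolved_rids(rows):
    """RIDs whose owner cannot be identified from the lookup result."""
    return sorted(r["rid"] for r in rows if not r["resolved"])

# First two lines are from the post; the third is constructed for contrast.
SAMPLE = """\
S-1-5-21-2887495987-4264539752-2959987270-2000          CANDESCO\\ (8)
S-1-5-21-2887495987-4264539752-2959987270-2040          CANDESCO\\ (8)
S-1-5-21-2887495987-4264539752-2959987270-3002          CANDESCO\\pjreid (1)
"""

if __name__ == "__main__":
    for row in parse_lookupsids(SAMPLE):
        print(row["rid"], row["use"], "resolved" if row["resolved"] else "UNRESOLVED")
```

Run over saved `lookupsids` output for every RID that appears in a share's ACLs, this lists the entries that will show as bare SIDs in the Windows security tab and therefore cannot be audited by name.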
