[Samba] 2.2.4pre/cvs kills PDC SID

Jeremy Allison jra at samba.org
Tue Apr 2 09:30:18 GMT 2002


On Fri, Mar 22, 2002 at 07:21:21PM +0100, Martin Thomas wrote:
> Hello,
> 
> just tried Samba 2.2.4pre (checkout 22.March 02, around 17:00 CET) 
> from the cvs and could track down many problems we had here 
> today to some error with the PDC SID (ok, I know, using cvs-code on
> a production server is bad)
> 
> The CVS code seems to add the PDC SID from MACHINE.SID
> to the secrets.tdb and after this deletes the file MACHINE.SID.
> During this procedure the 'right' SID gets lost. One can see
> this during login of a Windows 2000 client into a Samba 2.2.4-pre
> managed domain: the profile download stops with 'access denied' and
> the login-script does not run.
> Doing echo %LOGONSERVER% from the Windows command shell 
> gives the name of the client machine, not the PDC.
> 
> After deleting the locally cached profiles and setting nt acl support = no
> in the smb.conf for the profile share the login works and the profile
> downloads - but still no logon-script.
> 
> Did an installation of 2.2.4-pre/cvs on another Server, created another
> domain, and rejoined one client to this new domain - this works
> perfect, so it seems that only the SID-transfer ist broken.
> 
> I reinstalled 2.2.3a from the source-tar archive and restored the MACHINE.SID
> from the backup. After this login, profile dowload and login-scripts
> work. echo %LOGONSERVER% gives the netbios-name of the
> Samba-Server - but now I lost the CVS improvements of the printing-subsystem 
> and the MS-Database locking.
> 
> Since it will be quite a lot of work to rejoin all clients to a Samba 2.2.4-release
> controlled domain, someone should fix this issue before release.
> - I'm willing to test the cvs-code - just drop me a mail if something changed.

This was just fixed by a patch gone into CVS.

CVS update and it should be fine. Sorry for the problem.

Jeremy.




More information about the samba mailing list