[Samba] 2.2.4pre/cvs kills PDC SID - still problems

Martin Thomas mthomas at rhrk.uni-kl.de
Mon Apr 8 12:57:02 GMT 2002 

: On Fri, Mar 22, 2002 at 07:21:21PM +0100, Martin Thomas wrote:
: > Hello,
: > 
: > just tried Samba 2.2.4pre (checkout 22.March 02, around 17:00 CET) 
: > from the cvs and could track down many problems we had here 
: > today to some error with the PDC SID (ok, I know, using cvs-code on
: > a production server is bad)
: > 
: > The CVS code seems to add the PDC SID from MACHINE.SID
: > to the secrets.tdb and after this deletes the file MACHINE.SID.
: > During this procedure the 'right' SID gets lost. One can see
: > this during login of a Windows 2000 client into a Samba 2.2.4-pre
: > managed domain: the profile download stops with 'access denied' and
: > the login-script does not run.
: > Doing echo %LOGONSERVER% from the Windows command shell 
: > gives the name of the client machine, not the PDC.
: > 
: > After deleting the locally cached profiles and setting nt acl support = no
: > in the smb.conf for the profile share the login works and the profile
: > downloads - but still no logon-script.
: > 
: > Did an installation of 2.2.4-pre/cvs on another Server, created another
: > domain, and rejoined one client to this new domain - this works
: > perfect, so it seems that only the SID-transfer ist broken.
: > 
: > I reinstalled 2.2.3a from the source-tar archive and restored the MACHINE.SID
: > from the backup. After this login, profile dowload and login-scripts
: > work. echo %LOGONSERVER% gives the netbios-name of the
: > Samba-Server - but now I lost the CVS improvements of the printing-subsystem 
: > and the MS-Database locking.
: > 
: > Since it will be quite a lot of work to rejoin all clients to a Samba 2.2.4-release
: > controlled domain, someone should fix this issue before release.
: > - I'm willing to test the cvs-code - just drop me a mail if something changed.
: 
: This was just fixed by a patch gone into CVS.
: 
: CVS update and it should be fine. Sorry for the problem.
: 
: Jeremy.
: 

Just did a CVS update and tried the new code. It seems that the pdc-sid is
now handled correctly, login and login-script work, Loginserver is
the samba-PDC. But profiles can not be downloaded - Errormessage 
on the W2Ksp2-client is something like 'Network name no longer existing'. 
2.2.3a works, 2.2.4-CVS not. Did not change anything else than restoring
the old MACHINE.SID and a 'make revert'.
I can give more information, later this week, don't have
the time for further analyses right now.
Thanks for the fix, but somethink still is wrong with the CVS-code
(or my configuration - any changes needed in the smb.conf for 2.2.4?).

Martin

More information about the samba mailing list