[Samba] What is so bad about primaryGroupID=513?
Florian Hars
hars at bik-gmbh.de
Mon Jun 3 02:25:02 GMT 2002
I try to set up Samba 2.2.4 / LDAP as a PDC and it almost works. The
only thing I don't understand is why a domain user can't have a
primaryGroupID of 513 (which looks like it should be a safe default).
But if I set it, login is denied with an error C0000078 on the client,
and something like
[2002/06/03 10:32:28, 3] smbd/sec_ctx.c:set_sec_ctx(314)
setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2002/06/03 10:32:28, 3] smbd/sec_ctx.c:set_sec_ctx(319)
1 user groups:
65534
(i.e. nobody/nogroup) on the server. If I set primaryGroupId to any
sufficienly random number (like 51223), login works as expected
[2002/06/03 10:42:32, 3] smbd/sec_ctx.c:set_sec_ctx(314)
setting sec ctx (2001, 100) - sec_ctx_stack_ndx = 0
[2002/06/03 10:42:32, 3] smbd/sec_ctx.c:set_sec_ctx(319)
1 user groups:
100
In addition, in the case of a successful login, the second transaction
in the log file performs a "switch message SMBsesssetupX (pid 7865)",
the C0000078 logins have a "switch message SMBtrans" in this position.
This is slightly puzzling.
Yours, Florian Hars.
PS: isn't there a return(True) missing in uid.c/change_to_user:
if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
(current_user.uid == conn->uid)) {
DEBUG(4,("change_to_user: Skipping user change - already user\n"));
return(True);
} else if ((current_user.conn == conn) &&
(vuser != 0) && (current_user.vuid == vuid) &&
(current_user.uid == vuser->uid)) {
DEBUG(4,("change_to_user: Skipping user change - already user\n"));
/************** HERE ??? ***************************/
}
More information about the samba
mailing list