[Samba] 2.2.4pre/cvs kills PDC SID
Martin Thomas
mthomas at rhrk.uni-kl.de
Fri Mar 22 10:20:11 GMT 2002
Hello,
just tried Samba 2.2.4pre (checkout 22.March 02, around 17:00 CET)
from the cvs and could track down many problems we had here
today to some error with the PDC SID (ok, I know, using cvs-code on
a production server is bad)
The CVS code seems to add the PDC SID from MACHINE.SID
to the secrets.tdb and after this deletes the file MACHINE.SID.
During this procedure the 'right' SID gets lost. One can see
this during login of a Windows 2000 client into a Samba 2.2.4-pre
managed domain: the profile download stops with 'access denied' and
the login-script does not run.
Doing echo %LOGONSERVER% from the Windows command shell
gives the name of the client machine, not the PDC.
After deleting the locally cached profiles and setting nt acl support = no
in the smb.conf for the profile share the login works and the profile
downloads - but still no logon-script.
Did an installation of 2.2.4-pre/cvs on another Server, created another
domain, and rejoined one client to this new domain - this works
perfect, so it seems that only the SID-transfer ist broken.
I reinstalled 2.2.3a from the source-tar archive and restored the MACHINE.SID
from the backup. After this login, profile dowload and login-scripts
work. echo %LOGONSERVER% gives the netbios-name of the
Samba-Server - but now I lost the CVS improvements of the printing-subsystem
and the MS-Database locking.
Since it will be quite a lot of work to rejoin all clients to a Samba 2.2.4-release
controlled domain, someone should fix this issue before release.
- I'm willing to test the cvs-code - just drop me a mail if something changed.
BTW: compiling the cvs code with smbmount gives a compiler error
during compilation of smbmount.c.
Greetings,
Martin
---
Martin THOMAS
University of Kaiserslautern, Institute of Environmental Engineering,
Kaiserslautern (ZIP 67663), Germany
More information about the samba
mailing list