[Samba] Unable to validate owner sid.

Mead, Tom tom.mead at intesabci.co.uk
Thu May 16 08:42:02 GMT 2002 

Hi,

Thanks for replying - I assumed from your reply that i should have winbindd
running so i have configured and started it up as i wasn't using it before -
see smbd.conf below

[global]
        workgroup = BCILDN
        netbios name = LNKSVR5
        netbios aliases = lnksvr5
        security = DOMAIN
        encrypt passwords = Yes
        map to guest = Bad User
        password server = LNSERVER SATURN_BDC
        username map = /usr/local/samba/private/usermap
        log level = 4
        syslog = 4
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        guest account = ksmb
        create mask = 0644

[kplushome]
        comment = kplushome
        path = /usr/kplushome
        read only = No
        guest ok = Yes
        nt acl support = No
        hide dot files = No
        fstype = Samba

[homes]
        comment = homes
        path = /HOME/%u
        read only = No
        browseable = No

I have tried to start the app as mentioned before but it fails with the same
error (Unable to read .root.passwords). The log output is below.

2002/05/16 16:34:31, 3] lib/util.c:(387)
  unix_clean_name [/common/config/.root.passwords]
[2002/05/16 16:34:31, 3] smbd/dosmode.c:(111)
  unix_mode(common/config/.root.passwords) returning 0644
[2002/05/16 16:34:31, 3] lib/util.c:(387)
  unix_clean_name [common/config/.root.passwords]
[2002/05/16 16:34:31, 4] smbd/open.c:(892)
  calling open_file with flags=0x0 flags2=0x0 mode=0644
[2002/05/16 16:34:31, 2] smbd/open.c:(233)
  INSTALL opened file common/config/.root.passwords read=Yes write=No
(numopen=1
0)
[2002/05/16 16:34:32, 3] smbd/posix_acls.c:(2112)
  set_nt_acl: chown common/config/.root.passwords. uid = 10000, gid = 10000.
[2002/05/16 16:34:32, 3] smbd/posix_acls.c:(2116)
  set_nt_acl: chown common/config/.root.passwords, 10000, 10000 failed.
Error =
Not owner.
[2002/05/16 16:34:32, 2] smbd/close.c:(213)
  kplus closed file common/config/.root.passwords (numopen=9)
[2002/05/16 16:34:32, 3] smbd/error.c:(91)
  error string = Not owner
[2002/05/16 16:34:32, 3] smbd/error.c:(110)
  error packet at smbd/nttrans.c(1375) cmd=160 (SMBnttrans)
NT_STATUS_ACCESS_DEN
IED
[2002/05/16 16:34:32, 3] smbd/process.c:(866)
  Transaction 335 of length 45
[2002/05/16 16:34:32, 3] smbd/process.c:(673)
  switch message SMBclose (pid 1177)
[2002/05/16 16:34:32, 4] smbd/uid.c:(118)
  change_to_user: Skipping user change - already user
[2002/05/16 16:34:32, 3] smbd/sec_ctx.c:(314)
  setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2002/05/16 16:34:32, 3] smbd/sec_ctx.c:(319)
  2 user groups:
  1000 10000
[2002/05/16 16:34:32, 3] smbd/reply.c:(3021)
  close fd=33 fnum=8437 (numopen=9)
[2002/05/16 16:34:32, 2] smbd/close.c:(213)
  kplus closed file kplus/winnt/bin/msvcirt.dll (numopen=8)
[2002/05/16 16:34:32, 3] smbd/process.c:(866)
  Transaction 336 of length 45
[2002/05/16 16:34:32, 3] smbd/process.c:(673)
  switch message SMBclose (pid 1177)
[2002/05/16 16:34:32, 4] smbd/uid.c:(118)
  change_to_user: Skipping user change - already user
[2002/05/16 16:34:32, 3] smbd/sec_ctx.c:(314)
  setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2002/05/16 16:34:32, 3] smbd/sec_ctx.c:(319)
  2 user groups:
  1000 10000

To answer your second question - i'm not sure if it is the domain SID or the
SID of the box. How do i find out?

Thanks

Tom

-----Original Message-----
From: Gerald Carter [mailto:jerry at samba.org]
Sent: 16 May 2002 13:39
To: Mead, Tom
Cc: 'samba at lists.samba.org'
Subject: Re: [Samba] Unable to validate owner sid.


On Wed, 15 May 2002, Mead, Tom wrote:

> This is a problem that i have reported previously and from what i gather
> it is a known bug that is being worked on. The error message has changed
> slightly since previous samba 2.2.X versions. The following log extract
> is taken from the same problem with samba 2.2.3a -
> 
> > [2002/02/21 11:15:44, 3] smbd/posix_acls.c:unpack_nt_owners(443)
> >   unpack_nt_owners: unable to validate owner sid.
> Note the missing "for S-1-5-21-1456024563-1430335328-122644288-2355" that
i
> now get with 2.2.4
> 
> This application has worked fine with samba 2.0.X with WINNT clients for
> a couple of years but this problem is now preventing me from upgrading
> not only samba 2.0.X to 2.2.X but WINNT to 2000 and Solaris2.6 to
> Solaris 8. If anyone can give me an idea of why this is happening, if
> there is a way around it, and if there is likely to be a fix for it soon
> it would be appreciated.

OK. You are not running winbindd correct?  Is this a domain SID
or the SID of the local Samba box?





cheers, jerry
 ---------------------------------------------------------------------
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--

More information about the samba mailing list