[Samba] winXP sp1 seems to break roaming profiles on samba3

Bradley W. Langhorst brad at langhorst.com
Wed Sep 11 14:33:32 GMT 2002

On Tue, 2002-09-10 at 23:37, Bradley W. Langhorst wrote:
> I applied sp1 and get a message saying that the 
> "a server copy of the profile exists that does not have the correct
> security. Either the current user or the Administrator's group must be
> the owner of the folder."
> the owner of the profile is correct...
> It works again when I re-image back to pre sp1
> there is an event in the security log saying...
> Logon Failure:
> 	Reason: An error occurred during logon
> 	User Name: bwlang
> 	Logon Type: 11
> 	Logon Process: User32
> 	Authentication Package: Negotiate
> 	Workstation Name: UNIVERSI-67IZIT
> 	Status code: 0xC000005E
> 	Substatus code: 0x0
> I've tried this for more than one user with the same events and
> problems...
I've just been checking through my logs and i only find this. I'll try
some increased logs shortly.

[2002/09/11 10:18:42, 2] passdb/pdb_ldap.c:init_sam_from_ldap(668)
  Entry found for user: bwlang
[2002/09/11 10:18:42, 2] auth/auth.c:check_ntlm_password(266)
  check_password:  authentication for user [bwlang] -> [bwlang] ->
[bwlang] suceeded
[2002/09/11 10:18:42, 0]
  get_domain_user_groups: primary gid of user [bwlang] is not a Domain
group !
  get_domain_user_groups: You should fix it, NT doesn't like that

i've seen that message before - its wrong 
groups bwlang says 
bwlang : labusers power_users disk floppy audio
labusers is mapped to "Domain Users"

unheq1:/var/log/samba# smbgroupedit -s
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Domain Users (S-1-5-21-1995982474-3671514283-3045899775-513) -> labuse

I'll increase the logging to see if i can find something.


PS. If you're thinking that SP1 reset the signorseal flag, i checked the
reg values and they're all 0

More information about the samba mailing list