[Samba] winXP sp1 seems to break roaming profiles on samba3
Bradley W. Langhorst
brad at langhorst.com
Wed Sep 11 14:33:32 GMT 2002
On Tue, 2002-09-10 at 23:37, Bradley W. Langhorst wrote:
> I applied sp1 and get a message saying that the
> "a server copy of the profile exists that does not have the correct
> security. Either the current user or the Administrator's group must be
> the owner of the folder."
> the owner of the profile is correct...
> It works again when I re-image back to pre sp1
> there is an event in the security log saying...
> Logon Failure:
> Reason: An error occurred during logon
> User Name: bwlang
> Domain: LAUELAB_TEST
> Logon Type: 11
> Logon Process: User32
> Authentication Package: Negotiate
> Workstation Name: UNIVERSI-67IZIT
> Status code: 0xC000005E
> Substatus code: 0x0
> I've tried this for more than one user with the same events and
I've just been checking through my logs and i only find this. I'll try
some increased logs shortly.
[2002/09/11 10:18:42, 2] passdb/pdb_ldap.c:init_sam_from_ldap(668)
Entry found for user: bwlang
[2002/09/11 10:18:42, 2] auth/auth.c:check_ntlm_password(266)
check_password: authentication for user [bwlang] -> [bwlang] ->
[2002/09/11 10:18:42, 0]
get_domain_user_groups: primary gid of user [bwlang] is not a Domain
get_domain_user_groups: You should fix it, NT doesn't like that
i've seen that message before - its wrong
groups bwlang says
bwlang : labusers power_users disk floppy audio
labusers is mapped to "Domain Users"
unheq1:/var/log/samba# smbgroupedit -s
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Domain Users (S-1-5-21-1995982474-3671514283-3045899775-513) -> labuse
I'll increase the logging to see if i can find something.
PS. If you're thinking that SP1 reset the signorseal flag, i checked the
reg values and they're all 0
More information about the samba