[Samba] PDC Functions

Mike Miller temp6453 at hotmail.com
Fri Aug 8 14:41:42 GMT 2003

What I'm attempting to do is get services for unix working on a win2k box, 
running off of a samba PDC.   I am having great difficulty doing so.  I have 
added a trust relationship and added the 2k server into the domain.  I then 
try and change ownership to anyone in the domain without luck.  It always 
gives me that the Sid Lookup Failed.  Microsoft said the following and 
basically told me to use an NT/2k PDC.  I completely trust the machine in 
every way, so I'm not too worried about security of the machine, however I 
want it to work on these RPC calls to get the SIDs.  For some reason, it 
doesn't seem to be giving me any SIDs.  Any ideas?

No. The NFS server running on your file server will need the mapped domain
user's SID in order to impersonate him while accessing files. The DC will
not give out that SID unless the NFS subauthentication DLL (aka Server for
NFS Authentication) is installed on it.

In other words, you will have to migrate the DC first, and install Server
for NFS Auth on it if you need to use mapped domain users... Further, the DC
should be running pre-Win2k compat mode if the mapping server (running as
local service on a member server) is to be able to get the list of users.
--- END M$ ANSWER ---


>From: Brad Langhorst <brad at langhorst.com>
>To: Mike Miller <temp6453 at hotmail.com>
>CC: samba at lists.samba.org
>Subject: Re: [Samba] PDC Functions
>Date: 08 Aug 2003 00:19:24 -0400
>On Thu, 2003-08-07 at 23:33, Mike Miller wrote:
> > Well, the Windows 2000 machine is trying to obtain the SID for a user
> > [domain\username],
>is that 2k machine joined to the Samba domain?
>the SID is not really a secret so I don't know why it would be tight
>about them
>if the SID is just the machine's SID + a user ID
>2*UID+2 (if I recall correctly)
>you can determine the samba machine's SID with
>rpcclient (lsaquery command)
> > but it is very tight about such security of the users'
> > SIDs.
>windows is tight or samba is tight?
> > It _will_ give me a list of users, but not their SIDs in order to
> > assign file permissions to these users.
>there should be no users on the win2k machine in a pdc environment.
>Are you trying to migrate to samba?
>There is a tool to suck out the info from an NT4 PDC (vampire)
>but I'm not aware of any tool to migrate from 2k to samba.
>I don't know how to determine the SIDs of your 2k users but they must be
>in the 2k user manager somewhere.
>What's stopping you from just recreating all the users on the new PDC?
>I don't really understand what you're trying to do... sorry
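
Added example (not part of the original thread and not Samba's own code): how a user or group SID is composed from the domain SID plus a RID, and how to map a SID back to a Unix id when debugging a failed lookup. It assumes Samba's algorithmic mapping with the default `algorithmic rid base` of 1000 (user RID = 2*uid + base, group RID = 2*gid + base + 1); the function names are hypothetical and the domain SID used in testing is a constructed sample.

```python
import struct

RID_BASE = 1000  # assumption: smb.conf "algorithmic rid base" left at its default


def parse_sid(sid):
    """Split 'S-1-5-21-a-b-c' into (revision, authority, [sub-authorities])."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID string: %r" % sid)
    rev, auth = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15 or any(not 0 <= s <= 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority out of range in %r" % sid)
    return rev, auth, subs


def sid_to_bytes(sid):
    """Binary form stored in ACLs: revision, count, 48-bit big-endian authority,
    then each sub-authority as a little-endian 32-bit integer."""
    rev, auth, subs = parse_sid(sid)
    return (struct.pack("<BB", rev, len(subs)) + auth.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def uid_to_sid(domain_sid, uid, rid_base=RID_BASE):
    parse_sid(domain_sid)  # validate before composing
    return "%s-%d" % (domain_sid, uid * 2 + rid_base)


def gid_to_sid(domain_sid, gid, rid_base=RID_BASE):
    parse_sid(domain_sid)
    return "%s-%d" % (domain_sid, gid * 2 + rid_base + 1)


def sid_to_unix(sid, domain_sid, rid_base=RID_BASE):
    """Return ('user'|'group', id), or None when the SID belongs to another
    domain or its RID is below the base (well-known RIDs such as 500 or 512)."""
    rev, auth, subs = parse_sid(sid)
    if not subs or parse_sid(domain_sid) != (rev, auth, subs[:-1]):
        return None
    offset = subs[-1] - rid_base
    if offset < 0:
        return None
    return ("group" if offset & 1 else "user", offset >> 1)
```

If the SID a client asks about maps back to `None` here, the lookup is for a different domain SID or a non-algorithmic RID, which narrows down where a "SID lookup failed" originates.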

