[Samba] Help Troubleshoot SID problem?

Aden, Steve saden at itscommunications.com
Thu Mar 18 20:21:09 GMT 2004

Hi all,
	Can anyone suggest some methods and tools to help troubleshoot a
problem with SID's? I am using Samba 3.0.2a on RH9 joined to a W2K ADS
"security = ads". I am trying to set NT ACL permissions on my shares,
but after they are set and the Everyone group is removed, the users
cannot connect to the share. With logging turned up, I can see access
checks, but the user sid does not match the actual sid of the user so it
fails and returns Access Denied. make_connection: connection to testdude
denied due to security descriptor. The user's can connect via ip
address, so I am thinking this is a kerberos problem, but I haven't had
any luck fixing it after over 2 weeks of reading the HOWTO, searching
the list, and testing.

	IE: se_access_check: requested access 0x00000001, for NT token
with 7 entries and
first sid S-1-5-21-3808495487-1692608230-4030097047-21036.

	The sid on the workstation is reported as: [User]     =
"TESTLAB\testdude"  S-1-5-21-1935655697-854245398-839522115-1133

Any help would be greatly appreciated.
Thanks for the great work!

Steve Aden

Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS

More information about the samba mailing list