FW: [Samba] RID to SID Bug? Share ACL Access Denied
Aden, Steve
saden at itscommunications.com
Wed Mar 31 22:08:17 GMT 2004
Thank you for the response.
I tried the suggestions and have found no change. I still see the sid
being set to the domain "SAMBASERVER" instead of the W2K ADS domain and
the rid logged does not match the actual rid of the user account.
<-snip-from machine log>
[2004/03/31 15:45:48, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(510)
PAC_TYPE_UNKNOWN_10
[2004/03/31 15:45:48, 7] rpc_parse/parse_prs.c:prs_debug(82)
000200 pac_io_unknown_type_10 pac data
[2004/03/31 15:45:48, 8] rpc_parse/parse_prs.c:prs_debug(82)
000200 smb_io_time unknown_time
[2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0200 low : 719e7000
[2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0204 high: 01c41739
[2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint16(606)
0208 len: 0010
[2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint16s(765)
020a name: t.e.s.t.g.i.r.l.
[2004/03/31 15:45:48, 6] rpc_parse/parse_prs.c:prs_debug(82)
00021a pac_io_pac_info_hdr_ctr pac data
[2004/03/31 15:45:48, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(452)
offset in header(x220) and data(x21c) do not match
[2004/03/31 15:45:48, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(481)
PAC_TYPE_SERVER_CHECKSUM
[2004/03/31 15:45:48, 7] rpc_parse/parse_prs.c:prs_debug(82)
000220 pac_io_pac_signature_data pac data
[2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0220 type: ffffff76
[2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
0224 signature: f0 26 d7 63 5d e6 8b 4e 52 40 72 cb 6a f1
ac 16
[2004/03/31 15:45:48, 6] rpc_parse/parse_prs.c:prs_debug(82)
000234 pac_io_pac_info_hdr_ctr pac data
[2004/03/31 15:45:48, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(452)
offset in header(x238) and data(x234) do not match
[2004/03/31 15:45:48, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(495)
PAC_TYPE_PRIVSVR_CHECKSUM
[2004/03/31 15:45:48, 7] rpc_parse/parse_prs.c:prs_debug(82)
000238 pac_io_pac_signature_data pac data
[2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0238 type: ffffff76
[2004/03/31 15:45:48, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
023c signature: 68 49 32 71 0c 65 b0 f2 05 53 7e 1b 7e 06
52 e2
[2004/03/31 15:45:48, 3] smbd/sesssetup.c:reply_spnego_kerberos(179)
Ticket name is [testgirl at DOMAIN.COM]
[2004/03/31 15:45:48, 10] smbd/sesssetup.c:reply_spnego_kerberos(220)
Mapping [DOMAIN.COM] to short name
[2004/03/31 15:45:48, 10] smbd/sesssetup.c:reply_spnego_kerberos(233)
Mapped to [DOMAIN]
[2004/03/31 15:45:48, 5] lib/username.c:Get_Pwnam(288)
Finding user DOMAIN_testgirl
[2004/03/31 15:45:48, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is domain_testgirl
[2004/03/31 15:45:48, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals did find user [DOMAIN_testgirl]!
[2004/03/31 15:45:48, 6] param/loadparm.c:lp_file_list_changed(2653)
lp_file_list_changed()
file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed
Mar 31 15:
43:28 2004
[2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_username(593)
pdb_set_username: setting username DOMAIN_testgirl, was
[2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
element 11 -> now SET
[2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_fullname(674)
pdb_set_full_name: setting full name testgirl, was
[2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
element 12 -> now SET
[2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(809)
pdb_set_unix_homedir: setting home dir /home/DOMAIN/testgirl, was NULL
[2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
element 21 -> now SET
[2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_domain(620)
pdb_set_domain: setting domain SAMBASERVER, was
[2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_user_sid(520)
pdb_set_user_sid: setting user sid
S-1-5-21-74637098-2648309090-13861XXXXX-210
02
[2004/03/31 15:45:48, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
element 17 -> now SET
[2004/03/31 15:45:48, 10]
passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-74637098-2648309090-13861XXXXX-21002
from rid
21002
<-snip->
>does wbinfo -[tug] all work?
>What about 'getent passwd' ?
Yes all of these work correctly.
Do the PAC errors have something to do with this? As seen above, there
are a few in the log: "PAC_TYPE_UNKNOWN_10", "pac_io_unknown_type_10 pac
data", "offset in header(x238) and data(x234) do not match".
What else can I send that will help nail down the problem here?
Thanks again.
Steve
-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Sent: Wednesday, March 31, 2004 3:37 PM
To: Aden, Steve
Subject: Re: FW: [Samba] RID to SID Bug? Share ACL Access Denied
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Aden, Steve wrote:
| Hi,
| Is this problem related to this bug?
| Bugzilla Bug 1165
| Samba ADS Kerberos login doesnt resolve correct groups when smbd is
| su'ing to the uid
| https://bugzilla.samba.org/show_bug.cgi?id=1165
|
| Anyone? Please respond. I am desperate to get this working.
I don't think you provided enough information. Try this
stop smbd nmbd & winbindd
~ root# mv winbindd_idmap.tdb windbindd_idmap.tdb-
~ root# vi /usr/local/samba/lib/smb.conf
~ ...add 'winbind enable local accounts = no' in [global]...
start smbd nmbd winbindd
rerun you tests.
does wbinfo -[tug] all work?
What about 'getent passwd' ?
jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAayvuIR7qMdg1EfYRAnUAAKCWrV32p0Xvz399Srqx6B5h12fkJwCeJITQ
AfIFw3J79FnISrccK/qLUJs=
=hkiz
-----END PGP SIGNATURE-----
_____________________________________________________
This message was content-scanned by IXC Shield
Powered by GatewayDefender - BH08e1e7c8.00000001.mml
More information about the samba
mailing list