[Samba] Crazy User Entry in W2k, Samba 3.0.2a-Debian, UID-SID Mapping damaged ?

Thomas Reiß Thomas.Reiss at Theresien-Krankenhaus.de
Tue May 4 08:19:06 GMT 2004 

Hi, 

i'am testing to setup a plain Samba PDC Domain.

Now i habe the strange Problem, that the User Entry in Windows Security
Dialog show different User that the underlying Samba Filesystem (XFS).

In W2k is a User ACL called TKH\games, but such user isn't allow to do
anything in the Filesystem, so what's going on ?

Here some more Infos:

debian:/var/log/samba# smbd -V
Version 3.0.2a-Debian

debian:/var/log/samba# ls -l /var/samba/ | grep test
drwxrws---    2 reiss    edv            28 May  3 17:43 test

debian:/var/log/samba# getfacl /var/samba/test/
getfacl: Removing leading '/' from absolute path names
# file: var/samba/test
# owner: reiss
# group: edv
user::rwx
group::---
group:pflege:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:pflege:rwx
default:mask::rwx
default:other::---

debian:/var/log/samba# grep games /etc/passwd
games:x:5:100:games:/usr/games:/bin/sh

debian:/var/log/samba# net getlocalsid
SID for domain DEBIAN is: S-1-5-21-521418629-2349234423-895658885

--> Why is the Domain not TKH (which is configured in smb.conf ?)

debian:/var/log/samba# net groupmap list
System Operators (S-1-5-32-549) -> -1
reiss (S-1-5-21-521418629-2349234423-895658885-1001) -> reiss
Pflege (S-1-5-21-521418629-2349234423-895658885-1000) -> pflege
root (S-1-5-21-521418629-2349234423-895658885-1002) -> root
Domain Users (S-1-5-21-521418629-2349234423-895658885-513) -> users
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
nogroup (S-1-5-21-521418629-2349234423-895658885-1008) -> nogroup
Domain Guests (S-1-5-21-521418629-2349234423-895658885-514) -> nogroup
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-521418629-2349234423-895658885-512) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

--> looks strange too !?
Where comes the SID S-1-5-32-545 ?

(some Lines deleted)
debian:/var/log/samba# net user -l
root password:

User name             Comment
-----------------------------
games
nobody
root
news
postgres
bin
reiss
operator


[global]
        workgroup = TKH
        server string = %h server (Samba %v)
        obey pam restrictions = Yes
        passdb backend = tdbsam
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        printcap name = cups
        add machine script = /usr/sbin/useradd -d /dev/null -g
workstations -s /bin/false -c
        logon script = skripte\login.cmd
        logon path = \\%L\profiles\%U\%a
        logon drive = I:
        domain logons = Yes
        os level = 66
        preferred master = Yes
        domain master = Yes
        wins server = 172.30.8.6
        ldap ssl = no
        panic action = /usr/share/samba/panic-action %d
        printing = cups

Windows 2000 Service Pack 4

I can't change the User Rigth's in Windows Security Dialog too (after
reopen the Securitydialog  the Right's resets everytime back to
Original).
Can you point me to the source of the Problem ?

I think something going completly wrong.
Can anybody help me ?

Thank You
Thomas

More information about the samba mailing list