[Samba] Re: Samba 3.0.7 & adding machines. Wrong primary group.

Igor Belyi sambauser at katehok.ac93.org
Wed Oct 13 16:00:36 GMT 2004 

Michael Liebl wrote:

> Domainname: MITTELERDE
>
>PDC:        ISENGART
>
>Machinename I added: TESTMACHINE
>
>My Command:
>add machine script = /usr/sbin/useradd -c Samba-Computer -d /dev/null  -g machines -s /bin/false %u
>
>If I change 'set primary group script' to "/bin/true" the machine will
>stay in Group machines, so the command works.
>
>After adding the machine, it has the primary unix group "domusr".
>
>Domain Users (S-1-5-21-1418210569-3342691074-3409555407-513) -> domusr
>
>Using:      Debian/unstable x86 Linux 2.6.5
>Samba:      Version 3.0.7-Debian
>            (Also I checked with FC2)
>
>If you need more info, please let me know.
>  
>

Interesting case... The request comes from Windows to update machine 
account with a bunch of new values and in this request RID of the 
primary group for the account (group_rid) is listed as 513 (0x201).

If you look at the 'fields_present' in the request you will notice that 
it requests almost all information to be updated - 09f827fa (this is a 
bitwise mask of fields to be updated). When I add a computer in my 
domain I have it only '00c4 fields_present : 01100002'. Note, that on 
the other hand I have similar set of data updates when I create normal 
user with usrmgr.exe: "00c4 fields_present : 08f827fa".

So, I suspect the problem is somewhere on Windows side. I haven't found 
any Domain Policy requiring all accounts to be in "Domain Users" group 
which is the only thing which comes to my mind as a probably cause for 
the problem.

I hope somebody having more experience with different Domain/Windows 
configurations can help in this case.

Bellow is the relavent extracts from the (log level = 5) smbd log:

Igor

[2004/10/11 09:06:31, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2245)
  _samr_create_user: Running the command `/usr/sbin/useradd -c 
Samba-Computer -d /dev/null  -g machines -G samba -s /bin/false 
testmachine$' gave 0
[2004/10/11 09:06:31, 5] lib/username.c:Get_Pwnam(293)
  Finding user testmachine$
..........
[2004/10/11 09:06:31, 5] passdb/pdb_tdb.c:tdb_update_sam(631)
  Storing (new) account testmachine$ with RID 5024
..........
[2004/10/11 09:06:31, 4] rpc_server/srv_pipe.c:api_rpcTNP(1534)
  api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO
..........
[2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635)
              00b8 user_rid      : 00000000
[2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635)
              00bc group_rid     : 00000201
[2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635)
              00c0 acb_info      : 00000080
[2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635)
              00c4 fields_present : 09f827fa
..........
[2004/10/11 09:06:31, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2977)
  _samr_set_userinfo: 
sid:S-1-5-21-1418210569-3342691074-3409555407-5024, level:23
[2004/10/11 09:06:31, 5] rpc_server/srv_samr_nt.c:set_user_info_23(2830)
  Attempting administrator password change (level 23) for user testmachine$
[2004/10/11 09:06:31, 5] rpc_server/srv_samr_nt.c:set_user_info_23(2850)
  Changing trust account or non-unix-user password, not updating /etc/passwd
[2004/10/11 09:06:31, 3] passdb/lookup_sid.c:fetch_gid_from_cache(247)
  fetch uid from cache 6000 -> S-1-5-21-1418210569-3342691074-3409555407-513
[2004/10/11 09:06:31, 3] groupdb/mapping.c:smb_set_primary_group(1189)
  smb_set_primary_group: Running the command `/usr/sbin/usermod -g 
domusr testmachine$' gave 0
[2004/10/11 09:06:31, 5] passdb/pdb_tdb.c:tdb_update_sam(631)
  Storing account testmachine$ with RID 5024

More information about the samba mailing list