[GOLUM] RE: [Samba] pdbedit not working as documented

Lee Ball lee at effective-it.co.uk
Wed Aug 10 17:46:43 GMT 2005 

Thats quite correct, we are all out to get you. Not only did you reply 
to your email 3 times but its only been 2 days since you posted.

If you want help in future, learn to be more patient, not everyone has 
time to respond to emails. Sometimes people can only reply at weekends, 
or using their works email account that they don't have access to from 
home. If thats the case then if someone was off on Tues or Monday then 
it will be 2 days until you get a reply.

NO'ONE is guaranteed to get a response, but replying to your own emails 
and then giving a shitty reply after not receiving a lightning quick 
response from a volunteer supported mailing list WILL get an email like 
this.

Now go and play with Mr Gates, no doubt you will send an email to the 
Windows 2003 server mailing lists of a similar style.

John McLoskey wrote:
> Thanks everyone for your lack of any response whatsoever, I find it builds
> character to be ignored throughout challenges I encounter in my life. Since
> I was unable to explain why Samba is predisposed to a range of SID for all
> accounts, the client who was interested in keeping his Linux/Samba solution
> will be migrating to Window 2003. I hope that feels as bad, deep in your
> stomach, as it does mine! Thanks for nothing.
> 
> -----Original Message-----
> From: golum-bounces at golum.org [mailto:golum-bounces at golum.org] On Behalf Of
> John McLoskey
> Sent: Tuesday, August 09, 2005 3:03 AM
> To: samba at lists.samba.org; golum at golum.org
> Subject: [GOLUM] RE: [Samba] pdbedit not working as documented
> 
> Am I building user_sid internally every time? 
> We seem to ignore -U argument to pdbedit.
> At line 475 of samba-3.0.14a/source/utils/pdbedit.c;
> 
> 	if (user_sid) {
> 		DOM_SID u_sid;
> 		if (!string_to_sid(&u_sid, user_sid)) {
> 			/* not a complete sid, may be a RID, try building a
> SID */
> 			int u_rid;
> 			
> 			if (sscanf(user_sid, "%d", &u_rid) != 1) {
> 				fprintf(stderr, "Error passed string is not
> a complete user SID or RID!\n");
> 				return -1;
> 			}
> 			sid_copy(&u_sid, get_global_sam_sid());
> 			sid_append_rid(&u_sid, u_rid);
> 		}
> 		pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
> 	}
> 	if (group_sid) {
> 		DOM_SID g_sid;
> 		if (!string_to_sid(&g_sid, group_sid)) {
> 			/* not a complete sid, may be a RID, try building a
> SID */
> 			int g_rid;
> 			
> 			if (sscanf(group_sid, "%d", &g_rid) != 1) {
> 				fprintf(stderr, "Error passed string is not
> a complete group SID or RID!\n");
> 				return -1;
> 			}
> 			sid_copy(&g_sid, get_global_sam_sid());
> 			sid_append_rid(&g_sid, g_rid);
> 		}
> 		pdb_set_group_sid (sam_pwent, &g_sid, PDB_CHANGED);
> 	}
> 
> -----Original Message-----
> From: samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org
> [mailto:samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org] On Behalf
> Of John McLoskey
> Sent: Tuesday, August 09, 2005 12:46 AM
> To: samba at lists.samba.org
> Subject: RE: [Samba] pdbedit not working as documented
> 
> Modifying account has same behavior;
> 
> smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010
> Unix username:        test1
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1375268081-527015025-691025275-3008
> Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3009
> Full Name:            User &
> Home Directory:       \\smbsvr\home\test1
> HomeDir Drive:        H:
> Logon Script:
> Profile Path:         \\smbsvr\home\test1\profile
> Domain:               WORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
> Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
> Password last set:    Tue, 09 Aug 2005 04:53:13 UTC
> Password can change:  Tue, 09 Aug 2005 04:53:13 UTC
> Password must change: Mon, 18 Jan 2038 21:14:07 UTC
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> 
> -----Original Message-----
> From: samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org
> [mailto:samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org] On Behalf
> Of John McLoskey
> Sent: Monday, August 08, 2005 11:55 PM
> To: samba at lists.samba.org
> Subject: [Samba] pdbedit not working as documented
> 
> I have am hitting a wall with pdbedit, as shown below. 
> Any workarounds would be greatly appreciated. 
> I am encountering the inability to change any users (profile) SID on Samba
> 3.x for Linux and BSD, which causes the accounts to no longer recognize
> their local Samba 2 profiles once they join Samba 3 domain. If I add a new
> user and pdbedit -a user -U SID it ignores the -U.
> The old profiles appear on the Windows clients as "unknown profile". 
> The problem is that the profiles are inaccessible. 
> If I man pdbedit, it clearly states the ability to;
> 
> 
> 
>  smbsvr# man pdbedit
> 
> ...
> 
>       -G SID|rid
>               This option can be used while adding or  modifying  a  user
> ac-
>               count. It will specify the users' new primary group SID
> (Securi-
>               ty Identifier) or rid.
> 
>               Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201
> 
> 
>        -U SID|rid
>               This option can be used while adding or  modifying  a  user
> ac-
>               count.  It will specify the users' new SID (Security
> Identifier)
>               or rid.
> 
>               Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004
> 
> Last login: Mon Aug  8 22:00:37 2005 from 192.168.1.101
> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
>         The Regents of the University of California.  All rights reserved.
> 
> FreeBSD 5.4-RELEASE (GENERIC) #0: Sun May  8 10:21:06 UTC 2005
> 
> smbsvr# pdbedit -V
> Version 3.0.12
> smbsvr# pdbedit -r Administrator
> Unix username:        Administrator
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1375268081-527015025-691025275-3006
> Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3007
> Full Name:            User &
> Home Directory:       \\smbsvr\home\Administrator
> HomeDir Drive:        H:
> Logon Script:
> Profile Path:         \\smbsvr\home\Administrator\profile
> Domain:               WORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
> Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
> Password last set:    Mon, 08 Aug 2005 21:39:22 UTC
> Password can change:  Mon, 08 Aug 2005 21:39:22 UTC
> Password must change: Mon, 18 Jan 2038 21:14:07 UTC
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> smbsvr# pdbedit -u Administrator -U
> S-1-5-21-1375268081-527015025-691025275-3007
> Administrator:1003:User &
> smbsvr# pdbedit -r Administrator
> Unix username:        Administrator
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1375268081-527015025-691025275-3006
> Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3007
> Full Name:            User &
> Home Directory:       \\smbsvr\home\Administrator
> HomeDir Drive:        H:
> Logon Script:
> Profile Path:         \\smbsvr\home\Administrator\profile
> Domain:               WORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
> Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
> Password last set:    Mon, 08 Aug 2005 21:39:22 UTC
> Password can change:  Mon, 08 Aug 2005 21:39:22 UTC
> Password must change: Mon, 18 Jan 2038 21:14:07 UTC
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> smbsvr# adduser
> Username: test1
> Full name:
> Uid (Leave empty for default):
> Login group [test1]:
> Login group is test1. Invite test1 into other groups? []:
> Login class [default]:
> Shell (sh csh tcsh nologin) [sh]:
> Home directory [/home/test1]:
> Use password-based authentication? [yes]:
> Use an empty password? (yes/no) [no]:
> Use a random password? (yes/no) [no]:
> Enter password:
> Enter password again:
> Lock out the account after creation? [no]:
> Username   : test1
> Password   : *****
> Full Name  :
> Uid        : 1004
> Class      :
> Groups     : test1
> Home       : /home/test1
> Shell      : /bin/sh
> Locked     : no
> OK? (yes/no): yes
> adduser: INFO: Successfully added (test1) to the user database.
> Add another user? (yes/no): no
> Goodbye!
> smbsvr#
> smbsvr#
> smbsvr# pdbedit -a test1 -U S-1-5-21-1375268081-527015025-691025275-5000
> new password:
> retype new password:
> Unix username:        test1
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1375268081-527015025-691025275-3008
> Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3009
> Full Name:            User &
> Home Directory:       \\smbsvr\home\pdigm\test1
> HomeDir Drive:        H:
> Logon Script:
> Profile Path:         \\smbsvr\home\pdigm\test1\profile
> Domain:               WORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
> Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
> Password last set:    Tue, 09 Aug 2005 04:53:13 UTC
> Password can change:  Tue, 09 Aug 2005 04:53:13 UTC
> Password must change: Mon, 18 Jan 2038 21:14:07 UTC
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> smbsvr# wtf
> wtf: Command not found.
> smbsvr#
>

More information about the samba mailing list