[GOLUM] RE: [Samba] pdbedit not working as documented

Dimitri Yioulos dyioulos at firstbhph.com
Wed Aug 10 18:23:36 GMT 2005 

You think Microsoft's mailing lists and forums are better?  Just wait (and 
wait, and and ...).  Oh, that's right, you can call Microsft for help ,,, and 
shell out $295 per.

Dimitri 

John McLoskey wrote:
> Thanks everyone for your lack of any response whatsoever, I find it builds
> character to be ignored throughout challenges I encounter in my life. Since
> I was unable to explain why Samba is predisposed to a range of SID for all
> accounts, the client who was interested in keeping his Linux/Samba solution
> will be migrating to Window 2003. I hope that feels as bad, deep in your
> stomach, as it does mine! Thanks for nothing.
> 
> -----Original Message-----
> From: golum-bounces at golum.org [mailto:golum-bounces at golum.org] On Behalf Of
> John McLoskey
> Sent: Tuesday, August 09, 2005 3:03 AM
> To: samba at lists.samba.org; golum at golum.org
> Subject: [GOLUM] RE: [Samba] pdbedit not working as documented
> 
> Am I building user_sid internally every time? 
> We seem to ignore -U argument to pdbedit.
> At line 475 of samba-3.0.14a/source/utils/pdbedit.c;
> 
>       if (user_sid) {
>               DOM_SID u_sid;
>               if (!string_to_sid(&u_sid, user_sid)) {
>                       /* not a complete sid, may be a RID, try building a
> SID */
>                       int u_rid;
>                       
>                       if (sscanf(user_sid, "%d", &u_rid) != 1) {
>                               fprintf(stderr, "Error passed string is not
> a complete user SID or RID!\n");
>                               return -1;
>                       }
>                       sid_copy(&u_sid, get_global_sam_sid());
>                       sid_append_rid(&u_sid, u_rid);
>               }
>               pdb_set_user_sid (sam_pwent, &u_sid, PDB_CHANGED);
>       }
>       if (group_sid) {
>               DOM_SID g_sid;
>               if (!string_to_sid(&g_sid, group_sid)) {
>                       /* not a complete sid, may be a RID, try building a
> SID */
>                       int g_rid;
>                       
>                       if (sscanf(group_sid, "%d", &g_rid) != 1) {
>                               fprintf(stderr, "Error passed string is not
> a complete group SID or RID!\n");
>                               return -1;
>                       }
>                       sid_copy(&g_sid, get_global_sam_sid());
>                       sid_append_rid(&g_sid, g_rid);
>               }
>               pdb_set_group_sid (sam_pwent, &g_sid, PDB_CHANGED);
>       }
> 
> -----Original Message-----
> From: samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org
> [mailto:samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org] On Behalf
> Of John McLoskey
> Sent: Tuesday, August 09, 2005 12:46 AM
> To: samba at lists.samba.org
> Subject: RE: [Samba] pdbedit not working as documented
> 
> Modifying account has same behavior;
> 
> smbsvr# pdbedit -r test1 -U S-1-5-21-1375268081-527015025-691025275-3010
> Unix username:        test1
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1375268081-527015025-691025275-3008
> Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3009
> Full Name:            User &
> Home Directory:       \\smbsvr\home\test1
> HomeDir Drive:        H:
> Logon Script:
> Profile Path:         \\smbsvr\home\test1\profile
> Domain:               WORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
> Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
> Password last set:    Tue, 09 Aug 2005 04:53:13 UTC
> Password can change:  Tue, 09 Aug 2005 04:53:13 UTC
> Password must change: Mon, 18 Jan 2038 21:14:07 UTC
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> 
> -----Original Message-----
> From: samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org
> [mailto:samba-bounces+johnmcloskey=bellsouth.net at lists.samba.org] On Behalf
> Of John McLoskey
> Sent: Monday, August 08, 2005 11:55 PM
> To: samba at lists.samba.org
> Subject: [Samba] pdbedit not working as documented
> 
> I have am hitting a wall with pdbedit, as shown below. 
> Any workarounds would be greatly appreciated. 
> I am encountering the inability to change any users (profile) SID on Samba
> 3.x for Linux and BSD, which causes the accounts to no longer recognize
> their local Samba 2 profiles once they join Samba 3 domain. If I add a new
> user and pdbedit -a user -U SID it ignores the -U.
> The old profiles appear on the Windows clients as "unknown profile". 
> The problem is that the profiles are inaccessible. 
> If I man pdbedit, it clearly states the ability to;
> 
> 
> 
>  smbsvr# man pdbedit
> 
> ...
> 
>       -G SID|rid
>               This option can be used while adding or  modifying  a  user
> ac-
>               count. It will specify the users' new primary group SID
> (Securi-
>               ty Identifier) or rid.
> 
>               Example: -G S-1-5-21-2447931902-1787058256-3961074038-1201
> 
> 
>        -U SID|rid
>               This option can be used while adding or  modifying  a  user
> ac-
>               count.  It will specify the users' new SID (Security
> Identifier)
>               or rid.
> 
>               Example: -U S-1-5-21-2447931902-1787058256-3961074038-5004
> 
> Last login: Mon Aug  8 22:00:37 2005 from 192.168.1.101
> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
>         The Regents of the University of California.  All rights reserved.
> 
> FreeBSD 5.4-RELEASE (GENERIC) #0: Sun May  8 10:21:06 UTC 2005
> 
> smbsvr# pdbedit -V
> Version 3.0.12
> smbsvr# pdbedit -r Administrator
> Unix username:        Administrator
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1375268081-527015025-691025275-3006
> Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3007
> Full Name:            User &
> Home Directory:       \\smbsvr\home\Administrator
> HomeDir Drive:        H:
> Logon Script:
> Profile Path:         \\smbsvr\home\Administrator\profile
> Domain:               WORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
> Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
> Password last set:    Mon, 08 Aug 2005 21:39:22 UTC
> Password can change:  Mon, 08 Aug 2005 21:39:22 UTC
> Password must change: Mon, 18 Jan 2038 21:14:07 UTC
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> smbsvr# pdbedit -u Administrator -U
> S-1-5-21-1375268081-527015025-691025275-3007
> Administrator:1003:User &
> smbsvr# pdbedit -r Administrator
> Unix username:        Administrator
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1375268081-527015025-691025275-3006
> Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3007
> Full Name:            User &
> Home Directory:       \\smbsvr\home\Administrator
> HomeDir Drive:        H:
> Logon Script:
> Profile Path:         \\smbsvr\home\Administrator\profile
> Domain:               WORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
> Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
> Password last set:    Mon, 08 Aug 2005 21:39:22 UTC
> Password can change:  Mon, 08 Aug 2005 21:39:22 UTC
> Password must change: Mon, 18 Jan 2038 21:14:07 UTC
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> smbsvr# adduser
> Username: test1
> Full name:
> Uid (Leave empty for default):
> Login group [test1]:
> Login group is test1. Invite test1 into other groups? []:
> Login class [default]:
> Shell (sh csh tcsh nologin) [sh]:
> Home directory [/home/test1]:
> Use password-based authentication? [yes]:
> Use an empty password? (yes/no) [no]:
> Use a random password? (yes/no) [no]:
> Enter password:
> Enter password again:
> Lock out the account after creation? [no]:
> Username   : test1
> Password   : *****
> Full Name  :
> Uid        : 1004
> Class      :
> Groups     : test1
> Home       : /home/test1
> Shell      : /bin/sh
> Locked     : no
> OK? (yes/no): yes
> adduser: INFO: Successfully added (test1) to the user database.
> Add another user? (yes/no): no
> Goodbye!
> smbsvr#
> smbsvr#
> smbsvr# pdbedit -a test1 -U S-1-5-21-1375268081-527015025-691025275-5000
> new password:
> retype new password:
> Unix username:        test1
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1375268081-527015025-691025275-3008
> Primary Group SID:    S-1-5-21-1375268081-527015025-691025275-3009
> Full Name:            User &
> Home Directory:       \\smbsvr\home\pdigm\test1
> HomeDir Drive:        H:
> Logon Script:
> Profile Path:         \\smbsvr\home\pdigm\test1\profile
> Domain:               WORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Mon, 18 Jan 2038 21:14:07 UTC
> Kickoff time:         Mon, 18 Jan 2038 21:14:07 UTC
> Password last set:    Tue, 09 Aug 2005 04:53:13 UTC
> Password can change:  Tue, 09 Aug 2005 04:53:13 UTC
> Password must change: Mon, 18 Jan 2038 21:14:07 UTC
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> smbsvr# wtf
> wtf: Command not found.
> smbsvr#
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list