[Samba] PDC: Strange username translations...
Navid Zamani
navid.zamani at cyberworldz.org
Wed Jul 13 19:18:45 GMT 2005
Hi,
i'm running a samba PDC on samba 3.0 and just had to reinstall the server
because of a dead cpu causing corruption.
luckily i had complete backups of the samba-files, so i copied them back to
/etc/samba, /var/lib/samba and /var/cache/samba. (tdb-files)
i had one workstation (xp) removed from the domain and wanted to add it
again, but then the station always gives me an error that i can't have
multiple connections with different users.
i looked at net use and the same on the samba server and even did "net use
* /delete" but still get the error.
and i looked at it and the registry-patch to disable the encryption is
still applied.
now the strangest thing:
when i want to join the domain i get asked for a username and enter
"root" and the correct password. but in log level 2 samba tells me that i
log in as "Administrator" ([Administrator] -> [root] -> [root]; i have a
usermap of "Administrator" to "root". if i disable the usermap i get an
"access denied"!)
the thing i don't understand here is: why does samba get "Administrator" when i
clearly type in "root"?
i guess the problem could be that "Administrator" and "root" count as two
different users, but... where does this "Administrator" come from?? :(
Now i can't join the domain anymore. :((
I would even try a different way to set up the server from scratch by using
the already existing tdb-files, but i also don't know how to do this
without typing in the stuff from scratch with pdbedit, and so on...
Any ideas?
----------
My smb.conf:
[global]
workgroup = INTRANET
netbios name = INTRANETSERVER
server string = CyberWorldZ IntranetServer
security = user
passdb backend = tdbsam
interfaces = eth0 lo
#username map = /etc/samba/smbusers
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
logon script = logon.cmd
logon path = \\INTRANETSERVER\Profiles\%U
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
time server = Yes
wins support = Yes
log level = 1
hide dot files = Yes
hide special files = Yes
hide unreadable = Yes
hide files = /desktop.ini/thumbs.db/
load printers = yes
printing = cups
printcap = cups
vfs objects = recycle
recycle:repository = .recycle
recycle:keeptree = Yes
recycle:versions = Yes
guest account = nobody
map to guest = Bad User
oplocks = Yes
level2 oplocks = Yes
#disable netbios = Yes
csc policy = manual
[homes]
comment = Home-Verzeichnisse
valid users = %S
read only = No
browseable = No
[public]
comment = Gemeinsame Dateien
path = /home/public
guest ok = Yes
browsable = Yes
read only = No
create mode = 0766
[netlogon]
comment = Netzwerk-Anmeldedienst
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
read only = Yes
browseable = No
[Profiles]
comment = Roaming Profile Share (wandernde Benutzerprofile)
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
#root preexec = /usr/local/bin/chkProfile.sh %U
create mask = 0600
directory mask = 0700
browsable = No
csc policy = disable
[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = root, @ntadmins
[print$]
comment = Druckertreiber
path = /var/lib/samba/printers
browseable = yes
guest ok = no
read only = yes
write list = root, @ntadmins
----------
My "pdbedit -Lv" output
---------------
Unix username: nobody
NT username:
Account Flags: [DU ]
User SID: S-1-5-21-1072998297-3188006019-86605864-501
Primary Group SID: S-1-5-21-1072998297-3188006019-86605864-514
Full Name: nobody
Home Directory: \\intranetserver\nobody
HomeDir Drive: H:
Logon Script: logon.cmd
Profile Path: \\INTRANETSERVER\Profiles\nobody
Domain: INTRANET
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Fr, 13 Dez 1901 21:45:51 GMT
Kickoff time: Fr, 13 Dez 1901 21:45:51 GMT
Password last set: 0
Password can change: 0
Password must change: Fr, 13 Dez 1901 21:45:51 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: navid
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1072998297-3188006019-86605864-3000
Primary Group SID: S-1-5-21-1072998297-3188006019-86605864-513
Full Name: Navid Zamani
Home Directory: \\intranetserver\navid
HomeDir Drive: H:
Logon Script: logon.cmd
Profile Path: \\INTRANETSERVER\Profiles\navid
Domain: INTRANET
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Fr, 13 Dez 1901 21:45:51 GMT
Kickoff time: Fr, 13 Dez 1901 21:45:51 GMT
Password last set: So, 27 Jun 2004 05:40:22 GMT
Password can change: So, 27 Jun 2004 05:40:22 GMT
Password must change: Fr, 13 Dez 1901 21:45:51 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: root
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1072998297-3188006019-86605864-1000
Primary Group SID: S-1-5-21-1072998297-3188006019-86605864-512
Full Name: Administrator
Home Directory: \\intranetserver\root
HomeDir Drive: H:
Logon Script: logon.cmd
Profile Path: \\INTRANETSERVER\Profiles\root
Domain: INTRANET
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Fr, 13 Dez 1901 21:45:51 GMT
Kickoff time: Fr, 13 Dez 1901 21:45:51 GMT
Password last set: Do, 19 Mai 2005 10:54:27 GMT
Password can change: Do, 19 Mai 2005 10:54:27 GMT
Password must change: Fr, 13 Dez 1901 21:45:51 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: cyberstation3$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-1072998297-3188006019-86605864-3002
Primary Group SID: S-1-5-21-1072998297-3188006019-86605864-513
Full Name: CYBERSTATION3$
Home Directory: \\intranetserver\cyberstation3_
HomeDir Drive: H:
Logon Script: logon.cmd
Profile Path: \\INTRANETSERVER\Profiles\cyberstation3_
Domain: INTRANET
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Fr, 13 Dez 1901 21:45:51 GMT
Kickoff time: Fr, 13 Dez 1901 21:45:51 GMT
Password last set: Fr, 17 Jun 2005 16:39:04 GMT
Password can change: Fr, 17 Jun 2005 16:39:04 GMT
Password must change: Fr, 13 Dez 1901 21:45:51 GMT
Last bad password : 0
Bad password count : 0
Logon hours : 000000000000000000000000000000000000000000
----------
My "net groupmap list" output:
System Operators (S-1-5-32-549) -> ntadmins
Domain Admins (S-1-5-21-1072998297-3188006019-86605864-512) -> ntadmins
Replicators (S-1-5-32-552) -> ntadmins
Guests (S-1-5-32-546) -> nobody
Domain Users (S-1-5-21-1072998297-3188006019-86605864-513) -> users
Power Users (S-1-5-32-547) -> users
Domain Guests (S-1-5-21-1072998297-3188006019-86605864-514) -> nobody
Print Operators (S-1-5-32-550) -> ntadmins
Administrators (S-1-5-32-544) -> ntadmins
Account Operators (S-1-5-32-548) -> ntadmins
Backup Operators (S-1-5-32-551) -> ntadmins
Users (S-1-5-32-545) -> users
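
Added example, not part of the original post: after restoring tdb files onto a reinstalled PDC, one useful check is that every account and group-mapping SID still carries the server's current domain SID, and which accounts sit in Domain Admins (RID 512). The sketch below parses output in the "pdbedit -Lv" and "net groupmap list" formats quoted above; the function names, the "olduser" record and the use of `net getlocalsid` as the source of the expected SID are assumptions made for illustration.

```python
import re

# Constructed sample: two records trimmed from the post, plus an invented "olduser".
PDBEDIT = """\
---------------
Unix username: root
User SID: S-1-5-21-1072998297-3188006019-86605864-1000
Primary Group SID: S-1-5-21-1072998297-3188006019-86605864-512
---------------
Unix username: cyberstation3$
User SID: S-1-5-21-1072998297-3188006019-86605864-3002
Primary Group SID: S-1-5-21-1072998297-3188006019-86605864-513
---------------
Unix username: olduser
User SID: S-1-5-21-1111111111-2222222222-3333333333-3004
Primary Group SID: S-1-5-21-1111111111-2222222222-3333333333-513
"""
GROUPMAP = ("Domain Admins (S-1-5-21-1072998297-3188006019-86605864-512) -> ntadmins\n"
            "Administrators (S-1-5-32-544) -> ntadmins\n")
EXPECTED = "S-1-5-21-1072998297-3188006019-86605864"  # assumed: from `net getlocalsid`
DOMAIN_SID = re.compile(r"(S-1-5-21-\d+-\d+-\d+)-(\d+)")  # (domain part, RID)

def parse_pdbedit(text):
    """Split 'pdbedit -Lv' output into one dict per account record."""
    records = []
    for block in re.split(r"(?m)^-{5,}[ \t]*$", text):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if "Unix username" in fields:
            records.append(fields)
    return records

def audit(pdbedit_text, groupmap_text, expected_sid):
    """List SIDs outside expected_sid and accounts whose primary group is RID 512."""
    foreign, admins = [], []
    for rec in parse_pdbedit(pdbedit_text):
        for field in ("User SID", "Primary Group SID"):
            sid = rec.get(field, "")
            m = DOMAIN_SID.fullmatch(sid)
            if m is None or m.group(1) != expected_sid:
                foreign.append((rec["Unix username"], field, sid))
            elif field == "Primary Group SID" and m.group(2) == "512":
                admins.append(rec["Unix username"])  # RID 512 = Domain Admins
    for m in DOMAIN_SID.finditer(groupmap_text):  # builtin S-1-5-32-* are skipped
        if m.group(1) != expected_sid:
            foreign.append(("groupmap", "SID", m.group(0)))
    return {"foreign": foreign, "domain_admins": admins}

if __name__ == "__main__":
    print(audit(PDBEDIT, GROUPMAP, EXPECTED))
```

An empty "foreign" list means the restored passdb and group mappings agree with the domain SID passed in; any entry names the account and field that do not.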