[Samba] XP SP2 connecting to 3.0.10-1.4E

Craig White craigwhite at azapple.com
Mon Oct 3 12:30:22 GMT 2005 

On Mon, 2005-10-03 at 02:42 -0400, Chris Robinson wrote:
> Yeah I looked into that fix you mentioned.  No luck there.  Didn't think 
> it would because I am only having problems with SP2.
> 
> My groupmaps look good.
> 
> Basically with XP SP2 I can log in and do whatever then logout.  None of 
> my changes are saved next time I log back into that account unless I 
> give that account Administrative privileges...but only with SP2...very 
> strange.
> 
> Craig White wrote:
> > On Sun, 2005-10-02 at 21:38 -0400, Chris Robinson wrote:
> > 
> >>The reason acls are commented out is because I tried them and it made no 
> >>difference.  As I understand it csc policy = disable would be for 
> >>roaming profiles which generally I don't use but leave the ability for 
> >>special circumstances.
> >>
> >>Didn't know if the XP firewall settings would make a difference here or 
> >>not, but I figured the more info the better.
> >>
> >>My permissions on /home/samba-ntprof are almost identical to yours 
> >>except I use a different group.
> >>
> >>Just to reiterate...XP SP1 does work exactly as I want it to.  It's only 
> >>XP SP2 that is causing problems.
> >>
> > 
> > ----
> > there was an issue with SP1 which sounds almost identical to what you
> > are experiencing...I thought that this was fixed though.
> > 
> > yes, the csc policy is for roaming profiles (I thought that this was the
> > intended use). 
> > 
> > <http://lists.samba.org/archive/samba/2002-November/056182.html>
> > 
> > I may not be a help here though it seems odd that you should be having
> > difficulties with this. Perhaps your group mapping is wrong or the SID
> > isn't correct for the users...
> > 
> > you might want to check...
> > 
> > net groupmap list (it should be similar - obviously different SID base
> > codes but the -513 for Domain Users is significant)
> > 
> > # net groupmap list
> > Domain Computers (S-1-5-21-1423820788-2381578139-3432021425-553) ->
> > Domain Computers
> > Domain Admins (S-1-5-21-1423820788-2381578139-3432021425-512) -> root
> > Domain Users (S-1-5-21-1423820788-2381578139-3432021425-513) ->
> > dom_users
> > Domain Guests (S-1-5-21-1423820788-2381578139-3432021425-514) -> Domain
> > Guests
> > Administrators (S-1-5-21-1423820788-2381578139-3432021425-544) ->
> > Administrators
> > Guests (S-1-5-21-1423820788-2381578139-3432021425-546) -> Guests
> > Power Users (S-1-5-21-1423820788-2381578139-3432021425-547) -> Power
> > Users
> > Account Operators (S-1-5-21-1423820788-2381578139-3432021425-548) ->
> > Account Operators
> > Server Operators (S-1-5-21-1423820788-2381578139-3432021425-549) ->
> > Server Operators
> > Print Operators (S-1-5-21-1423820788-2381578139-3432021425-550) -> Print
> > Operators
> > Backup Operators (S-1-5-21-1423820788-2381578139-3432021425-551) ->
> > Backup Operators
> > Replicator (S-1-5-21-1423820788-2381578139-3432021425-552) -> Replicator
----
Well your comment about very strange tells me that you don't think that
the problem is of your own doing but I would bet that it is.

I use CentOS 4.1 (samba-3.0.10-1.4E) and have a WinXP SP2 sitting right
here and have no such problems as well as several networks using RHEL 3
& 4 (and also CentOS) and those users are all non-privileged users and I
don't have those problems. I would bet that there are millions of people
using samba 3.0.x with WinXP SP2 clients that aren't having that
problem.

Those users profiles which are having a problem...either their primary
group membership isn't the 'Domain Users' -513 RID or you have mucked
somewhere else with permissions. From your first post where you
suggested that you have been playing with firewall settings, it's pretty
clear that you have engaged in a shotgun, change settings that you don't
understand and pray that something fixes your problem.

Since you chose to show us no details, I can be of little help beyond
this. You might try 'pdbedit -v USER_NAME'

it should look something like...
User SID:             S-1-5-21-1423820788-2381578139-3432021425-1000
Primary Group SID:    S-1-5-21-1423820788-2381578139-3432021425-513

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list