[Samba] 3.0.20 -> 3.0.23 SID/group error?? Won't connect.

david rankin drankin at cox-internet.com
Fri Aug 18 05:03:51 GMT 2006


>From: "Gerald (Jerry) Carter" <jerry at samba.org>
>
> This is to be expected.  All unmapped users will
> possess a SID in the S-1-22-1 domain and all unmapped
> groups will be in the S-1-22-2 domain.
>
> HOSTNAME\users would work for a mapped group.
> BUILTIN\users would work if you have local builtin group
>  called users (e.g. "net sam createbuiltin Users")
>
>> And it's not that I expect all of these to work, it's
>> more that I tried about any combo that I saw in the
>> logs :-). Though I believe that the +"Unix Group\users"
>> is nice to have in case I switch to PDC, cause
>> personally I like to be explicit in configuration files.
>
> There problem is that if you create a group map entry
> for HOSTNAME\users, "unix Group\users" will resolve to
> a different SID and hence anyone actually in the users
> group from /etc/group will have the HOSTNAME\users SID in
> their token.
>
> At this time we are *not* recommending that anyone qualify
> names with HOSTNAME or "Unix XXX".  Samba will handle
> the steps necessary to resolve the name, giving precedence
> to mapped users and groups over unmapped ones.  You only
> have to qualify domain names and groups in the BUILTIN domain.
>
> I've got a long mail that explains we made this change
> and we had a hard time with 3.0.23.  I'll try to send
> it out next week.
>

Jerry,

   Any headway on incorporating the patches into a 3.0.23c release that will 
help all of us that are running stand-along, no-winbind, simple smbpasswd 
setups?? I was never able to get the patches to apply properly and my manual 
compile messed up my ability to print with cups. (yes I compiled 
with --enable-cups) I have dropped back to the 3.0.20-SuSE rpms and it is 
working, but I would like to help get 3.0.23b fixed. Any word??


--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
-- 



More information about the samba mailing list