[Samba] Concern about 3.0.22->3.0.23b upgrade (algorithmic SIDs issue)

[Gerald (Jerry) Carter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Deutschmann wrote:
> On Sat, 26 Aug 2006, you wrote:
>>> I'm running as a lone Samba PDC, and -not-
>>> using winbindd.
>> The RID algorithm in 3.0.23c will potentially impact you.
>> Have I already suggested testing the 3.02.3c-gwc patch
>> at http://www.samba.org/~jerryy/patches/ ?  You might
>> want to get the patch and read over the release notes
>> at least.
> 
> I've installed it and it seems to work.

Excellent!

> I think the problem I was fearing rests on a 
> misunderstanding.  The text said this would affect
> "unmapped" SIDs.  I took this to mean all SIDs
> that I did not explictly map -- which is
> everything except the magic privelege
> determining groups (ie: Domain Admins, Power Users).  
> So I was afraid that my users would lose
> ownership to all the files they created on
> their own harddrives.
> 
> It's now apparent that an entry in smbpasswd 
> counts as a SID mapping (which just so happens
> to match exactly the SIDs that would have
> been generated for an unmapped users at 
> the same unix uid.)

Correct.

> While no change to the code is needed, the documentation 
> about the 3.0.23 changes should be updated to clarify
> that:

Perhaps I should have just said an entry in Samba's passdb.
This covers both users and groups.  Would that have been
better ?




cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE9vwrIR7qMdg1EfYRAu4RAKCLuiKJVZc9R4KhnnWP9PJx92o6CACg8wkA
ZLWTqKFWPiww/NOON3DE2YI=
=G6YQ
-----END PGP SIGNATURE-----