[Samba] windows SID are unknown for a samba member server?

Alexander Lazarevich alazarev at itg.uiuc.edu
Thu Aug 31 16:35:40 GMT 2006


We run samba on at least two of our linux servers. Both smb.conf's are 
domain members of an NT4 windows server, so all security information is 
gathered from the NT4 domain controller. We have a problem on one of the 
samba servers whereby samba is unable to recognize the account SID for a 
domain user. This is a new problem, only on newer versions of samba.

The problem manifests itself on the windows clients as such:
- let's say our domain is DUDESDOMAIN
- let's say the username is dudeman
- thus, permissions on files used to be "dudeman (DUDESDOMAIN\dudeman)"
- but now, only on newer versions of samba, permissions are now showing up
   as: "dudeman (Unix User\dudeman)", and the older permission object is
   showing up as an "Account Unknown (SID#)"

I'm not sure there are any other symptoms of this problem, windows 
machines work okay. However, just today we discovered that WinZip files 
complain about bad permissions on all .zip files, and I'm wondering if 
this is another symptom. Either way, samba should be able to resolve the 
SID to the DUDESDOMAIN domain, like it used to just fine.

The older server is RHEL3-AS x86 running samba-3.0.9-1.3E.10 RPM from 
RedHat. This server is working fine, the permissions are correct on all 
files as "dudeman (DUDESDOMAIN\dudeman)".

The new server is RHEL4-AS x64 running a compiled samba-3.0.23a.

I have verified that the older samba server does NOT have this problem at 
all. The newer samba server has the problem on all files.

Any ideas? I'm looking through the smb.conf to find the answer, thought it 
might be related to the "winbind use default domain", but no matter what 
I set that to, the behavior is the same.

Anyone else see this problem, know the solution?

Here is a snippet from our global smb.conf on the newer samba server, the 
smb.conf on the older server is exactly the same, except for minor 
changes in hostnames and such:

[global]
    server string = Samba File Server
    interfaces = xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
    wins server = xxx.xxx.xxx.xxx
    domain master = no
    preferred master = no
    netbios name = samba-hostname
    announce version = 1.0
    load printers = no
    password level = 8
    security = server
    password server = IP-of-NT4-PDC
    workgroup = DUDESDOMAIN
    encrypt passwords = yes
    large readwrite = no
    hosts allow = xxx.xxx.xxx.xxx
    log file = /var/log/samba/hostname-samba.log
    log level = 2
    max log size = 0
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
#   idmap uid = 16777216-33554431
#   idmap gid = 16777216-33554431
    template shell = /bin/false
#   winbind use default domain = no

testparm on smb.conf is fine:

[root at zeus lib]# testparm
Load smb config files from /usr/local/encap/samba-3.0.23a/lib/smb.conf
Processing section "[homes]"
Processing section "[staff]"
Processing section "[users]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

Like I said before, samba has worked fine until a recent upgrade, I'm not 
sure when these permissions issues first started showing up though.

Thanks,

Alex


