[Samba] windows SID are unknown for a samba member server?

Alexander Lazarevich alazarev at itg.uiuc.edu
Thu Aug 31 17:03:30 GMT 2006

More info:

In additon, samba logs indicate the problem with this message:

[2006/08/31 11:08:06, 2]
   Returning domain sid for domain DUDESDOMAIN ->

That SID is not DUDESDOMAIN\dudeman SID. That SID must be created by samba
when it can't resolve the SID for the DUDESMAN domain. It is very odd that 
it *says* it's getting that SID from the DUDESDOMAIN, but I assure you the 
SID is not correct.



On Thu, 31 Aug 2006, Alexander Lazarevich wrote:

> We run samba on at least two of our linux servers. Both smb.conf's are domain 
> members of an NT4 windows server, so all security information is gathered 
> from the NT4 domain controller. We have a problem on one of the samba servers 
> whereby samba is unable to recognize the account SID for a domain user. This 
> is a new problem, only on newer versions of samba.
> The problem manifests itself on the windows clients as such:
> - let's say our domain is DUDESDOMAIN
> - let's say the username is dudeman
> - thus, permissions on files used to be "dudeman (DUDESDOMAIN\dudeman)"
> - but now, only on newer versions of samba, permissions are now showing up
>  as: "dudeman (Unix User\dudeman)", and the older permission object is
>  showing up as an "Account Unknown (SID#)"
> I'm not sure there are any other symptoms of this problem, windows machines 
> work okay. However, just today we discovered that WinZip files complain about 
> bad permissions on all .zip files, and I'm wondering if this is another 
> symptom. Either way, samba should be able to resolve the SID the the 
> DUDESDOMAIN domain, like it used to just fine.
> The older server is RHEL3-AS x86 running samba-3.0.9-1.3E.10 RPM from RedHat. 
> This server is working fine, the permissions are correct on all files as 
> "dudeman (DUDESDOMAIN\dudeman)".
> The new server is RHEL4-AS x64 running a compiled samba-3.0.23a.
> I have verified that the older samba server does NOT have this problem at 
> all. The newer samba server has the problem on all files.
> Any ideas? I'm looking through the smb.conf to find the answer, thought it 
> might be related to the "windbind use default domain", but no matter what I 
> set that to, the behavior is the same.
> Anyone else see this problem, know the solution?
> Here is a snippit from our global smb.conf on the newer samba server, the 
> smb.conf on the older server is exactly the same, except for minor changes in 
> hostnames and such:
> [global]
>   server string = Samba File Server
>   interfaces = xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
>   wins server = xxx.xxx.xxx.xxx
>   domain master = no
>   preferred master = no
>   netbios name = samba-hostname
>   announce version = 1.0
>   load printers = no
>   password level = 8
>   security = server
>   password server = IP-of-NT4-PDC
>   workgroup = DUDESDOMAIN
>   encrypt passwords = yes
>   large readwrite = no
>   hosts allow = xxx.xxx.xxx.xxx
>   log file = /var/log/samba/hostname-samba.log
>   log level = 2
>   max log size = 0
> #   idmap uid = 16777216-33554431
> #   idmap gid = 16777216-33554431
>   template shell = /bin/false
> #   winbind use default domain = no
> testparm on smb.conf is fine:
> [root at zeus lib]# testparm
> Load smb config files from /usr/local/encap/samba-3.0.23a/lib/smb.conf
> Processing section "[homes]"
> Processing section "[staff]"
> Processing section "[users]"
> Loaded services file OK.
> Like I said before, samba has worked fine until a recent upgrade, I'm not 
> sure when these permissions issues first started showing up though.
> Thanks,
> Alex
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list