[Samba] Altered behavior in 3.0.25 and 3.0.24-gc-1
Jean-Jacques Moulis
jj at isy.liu.se
Tue May 22 11:07:44 GMT 2007
On Mon, 21 May 2007 12:31:57 -0500 "Gerald (Jerry) Carter" <jerry at samba.org> wrote:
GC> Jean-Jacques Moulis wrote:
GC> > By mistake or by design membership in a Windows Primary Group seems to be mandatory!
GC> >
GC> > We are using printservers configured as member servers of Samba domains.
GC> >
GC> > with the following configuration
GC> >
GC> > security = DOMAIN
GC> > password server = PDC
GC> > encrypt passwords = yes
GC> > map to guest = Bad Password
GC> >
GC> > The Samba PDCs use plain smbpasswd files.
GC> >
GC> > Since upgrading to 3.0.25 and regressing to 3.0.24-gc-1 some users couldn't
GC> > print (strange considering map to guest = Bad Password)
GC> >
GC> > they got an NT_STATUS_UNSUCCESSFUL in log files and were refused printing.
GC> >
GC> > The common denominator for users with print problems was
GC> > the lack of mapping from their GID to a SID
GC> >
GC> > net groupmap add ntgroup="A new group" unixgroup=gidgroupname
GC> > solved the problem but it took a while to find out :-)
GC> Please test the gc-2 snapshot. This might be related to
GC> the regression from the CVE-2007-2444 patch.
The gc-2 snapshot gives the same result for people with an unmapped GID
(or not explicitly in the Domain User group -513)
I have a log level 10 for both the PDC and the domain member.
How should I made it available to you?
As I said, mapping the GID to a SID solves the problem, I'm prepared
to accept the behavior as feature :-)
--
Jean-Jacques Moulis Tel: (013) 281684
ISY Fax: (013) 139282
Linköping University E-mail: jj at isy.liu.se
581 83 Linköping
More information about the samba
mailing list