[Samba] Missing sids for domain administrator?

Ian Puleston ipuleston at SonicWALL.com
Thu Oct 29 14:43:52 MDT 2009 

> -----Original Message-----
> From: samba-bounces at lists.samba.org On Behalf Of Ian Puleston
> Sent: Thursday, October 29, 2009 11:22 AM
> 
> I'm working on bug https://bugzilla.samba.org/show_bug.cgi?id=6592 and
> something that has apparently changed in my setup is preventing me
from
> testing the final stages of the fix. I have a machine running Samba
> server and joined to the domain, and am accessing that from the W2K3
> domain server, logged into the latter as the domain
> administrator. But the problem is that in its access checks smbd is
not
> getting the sid for the Administrators group (S-1-5-32-544).
> 
> Back in July I was getting the S-1-5-32-544 sid,
> but something has changed since then and now I am not. 
 
The samba log from back in July:
>   se_access_check: user sid is
> S-1-5-21-4023909512-3739307249-2032274589-500
>   se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-513
>   se_access_check: also S-1-1-0
>   se_access_check: also S-1-5-2
>   se_access_check: also S-1-5-11
>   se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-520
>   se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-519
>   se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-518
>   se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-512
>   se_access_check: also S-1-5-32-545
>   se_access_check: also S-1-5-32-544
>   se_access_check: also S-1-22-1-601
>   se_access_check: also S-1-22-2-604
>   se_access_check: also S-1-22-2-607
>   se_access_check: also S-1-22-2-608
>   se_access_check: also S-1-22-2-609
>   se_access_check: also S-1-22-2-610
>   se_access_check: also S-1-22-2-603
>   se_access_check: also S-1-22-2-602
> 
> The missing sids are for the Users and Administrators group, plus
those
> "S-2-22-2" sids, whatever they are.

A bit more information I've managed to glean. I'm working on Fedora 10
which has Samba 3.2.15 installed, but the version I was building and
testing with was 3.2.4. Having now downloaded and built 3.2.15 I am now
seeing those "S-2-22-[12]" sids, but still not the sids for the
Administrators and Users groups.

But if I run the Fedora version of smbd 3.2.15 then I see the
S-1-5-32-545 sid too, but still not S-1-5-32-544. If I run the version
of 3.2.15 that I built I see neither. To build it I used "./configure
--with-ads", are there maybe some other options I should have used that
may explain that difference?

And I still need to find why I don't see sid S-1-5-32-544 with any
version?

Ian

More information about the samba mailing list