[Samba] Missing sids for domain administrator?
Ian Puleston
ipuleston at SonicWALL.com
Thu Oct 29 14:43:52 MDT 2009
> -----Original Message-----
> From: samba-bounces at lists.samba.org On Behalf Of Ian Puleston
> Sent: Thursday, October 29, 2009 11:22 AM
>
> I'm working on bug https://bugzilla.samba.org/show_bug.cgi?id=6592 and
> something that has apparently changed in my setup is preventing me
from
> testing the final stages of the fix. I have a machine running Samba
> server and joined to the domain, and am accessing that from the W2K3
> domain server, logged into the latter as the domain
> administrator. But the problem is that in its access checks smbd is
not
> getting the sid for the Administrators group (S-1-5-32-544).
>
> Back in July I was getting the S-1-5-32-544 sid,
> but something has changed since then and now I am not.
The samba log from back in July:
> se_access_check: user sid is
> S-1-5-21-4023909512-3739307249-2032274589-500
> se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-513
> se_access_check: also S-1-1-0
> se_access_check: also S-1-5-2
> se_access_check: also S-1-5-11
> se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-520
> se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-519
> se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-518
> se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-512
> se_access_check: also S-1-5-32-545
> se_access_check: also S-1-5-32-544
> se_access_check: also S-1-22-1-601
> se_access_check: also S-1-22-2-604
> se_access_check: also S-1-22-2-607
> se_access_check: also S-1-22-2-608
> se_access_check: also S-1-22-2-609
> se_access_check: also S-1-22-2-610
> se_access_check: also S-1-22-2-603
> se_access_check: also S-1-22-2-602
>
> The missing sids are for the Users and Administrators group, plus
those
> "S-2-22-2" sids, whatever they are.
A bit more information I've managed to glean. I'm working on Fedora 10
which has Samba 3.2.15 installed, but the version I was building and
testing with was 3.2.4. Having now downloaded and built 3.2.15 I am now
seeing those "S-2-22-[12]" sids, but still not the sids for the
Administrators and Users groups.
But if I run the Fedora version of smbd 3.2.15 then I see the
S-1-5-32-545 sid too, but still not S-1-5-32-544. If I run the version
of 3.2.15 that I built I see neither. To build it I used "./configure
--with-ads", are there maybe some other options I should have used that
may explain that difference?
And I still need to find why I don't see sid S-1-5-32-544 with any
version?
Ian
More information about the samba
mailing list