Hi, I'm working on bug https://bugzilla.samba.org/show_bug.cgi?id=6592 and something that has apparently changed in my setup is preventing me from testing the final stages of the fix. I have a machine running Samba server and joined to the domain, and am accessing that from the W2K3 domain server logged, logged into the latter as the domain administrator. But the problem is that in its access checks smbd is not getting the sid for the Administrators group (S-1-5-32-544).
In an email that I sent back in July (http://lists.samba.org/archive/samba/2009-July/149285.html) I included my samba log file, and at that point I was getting the S-1-5-32-544 sid, but something has changed since then and now I am not. My question is does anyone have any idea of what may have changed that would cause that? Here is an extract from the log in that email: Checking password for unmapped user [sd80]\[administrat...@[ianserver] with the new password interface check_ntlm_password: mapped user is: [sd80]\[administrat...@[ianserver] check_ntlm_password: winbind authentication for user [Administrator] succeeded check_ntlm_password: authentication for user [Administrator] ->[Administrator] -> [SD80+administrator] succeeded se_access_check: user sid is S-1-5-21-4023909512-3739307249-2032274589-500 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-520 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-519 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-518 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-512 se_access_check: also S-1-5-32-545 se_access_check: also S-1-5-32-544 se_access_check: also S-1-22-1-601 se_access_check: also S-1-22-2-604 se_access_check: also S-1-22-2-607 se_access_check: also S-1-22-2-608 se_access_check: also S-1-22-2-609 se_access_check: also S-1-22-2-610 se_access_check: also S-1-22-2-603 se_access_check: also S-1-22-2-602 And here is what I am seeing now: check_ntlm_password: Checking password for unmapped user [sd80]\[administrat...@[ianserver] with the new password interface check_ntlm_password: mapped user is: [sd80]\[administrat...@[ianserver] check_ntlm_password: winbind authentication for user [Administrator] succeeded check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [SD80+administrator] succeeded se_access_check: user sid is S-1-5-21-4023909512-3739307249-2032274589-500 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-520 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-519 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-518 se_access_check: also S-1-5-21-4023909512-3739307249-2032274589-512 The missing sids are for the Users and Administrators group, plus those "S-2-22-2" sids, whatever they are. Thanks Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba