What I'm attempting to do is get Services for UNIX working on a Win2k box, running off of a Samba PDC. I am having great difficulty doing so. I have added a trust relationship and added the 2k server into the domain. I then try and change ownership to anyone in the domain without luck. It always gives me that the Sid Lookup Failed. Microsoft said the following and basically told me to use an NT/2k PDC. I completely trust the machine in every way, so I'm not too worried about security of the machine, however I want it to work on these RPC calls to get the SIDs. For some reason, it doesn't seem to be giving me any SIDs. Any ideas?


--- START M$ ANSWER ---
No. The NFS server running on your file server will need the mapped domain
user's SID in order to impersonate him while accessing files. The DC will
not give out that SID unless the NFS subauthentication DLL (aka Server for
NFS Authentication) is installed on it.

In other words, you will have to migrate the DC first, and install Server
for NFS Auth on it if you need to use mapped domain users...Further, the DC
should be running pre-Win2k compat mode if the mapping server (running as
local service on a member server) is to be able to get the list of users.
--- END M$ ANSWER ---

-Mike

From: Brad Langhorst <[EMAIL PROTECTED]>
To: Mike Miller <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: [Samba] PDC Functions
Date: 08 Aug 2003 00:19:24 -0400

On Thu, 2003-08-07 at 23:33, Mike Miller wrote:
> Well, the Windows 2000 machine is trying to obtain the SID for a user
> [domain\username],
Is that 2k machine joined to the Samba domain?
The SID is not really a secret, so I don't know why it would be tight
about them
if the SID is just the machine's SID + a user ID
2*UID+2 (if I recall correctly).
You can determine the Samba machine's SID with
rpcclient (lsaquery command).

> but it is very tight about such security of the users'
> SIDs.
Windows is tight or Samba is tight?

> It _will_ give me a list of users, but not their SIDs in order to
> assign file permissions to these users.
There should be no users on the Win2k machine in a PDC environment.

Are you trying to migrate to samba?
There is a tool to suck out the info from an NT4 PDC (vampire)
but I'm not aware of any tool to migrate from 2k to samba.

I don't know how to determine the SIDs of your 2k users but they must be
in the 2k user manager somewhere.

What's stopping you from just recreating all the users on the new PDC?

I don't really understand what you're trying to do... sorry

brad
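
An added example, not part of either message and not Samba's own code: how an account SID is composed from a domain SID (as reported by rpcclient's lsaquery) plus an algorithmically derived RID, and how a SID is laid out in binary. The domain SID is a constructed sample, and the RID base is a parameter; 1000 is Samba's documented `algorithmic rid base` default and is assumed unchanged here.

```python
import struct

RID_BASE = 1000  # assumption: smb.conf "algorithmic rid base" left at its default
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed sample

def parse_sid(text):
    """Split 'S-1-5-21-...' into (revision, authority, [subauthorities])."""
    parts = text.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID: %r" % text)
    rev, auth, subs = int(parts[1]), int(parts[2]), [int(p) for p in parts[3:]]
    if rev != 1 or not 0 <= auth < 2**48 or len(subs) > 15:
        raise ValueError("malformed SID: %r" % text)
    if any(not 0 <= s < 2**32 for s in subs):
        raise ValueError("subauthority out of range: %r" % text)
    return rev, auth, subs

def sid_to_bytes(text):
    """Binary form: revision, count, 48-bit big-endian authority, LE32 subauths."""
    rev, auth, subs = parse_sid(text)
    head = struct.pack("<BB", rev, len(subs)) + auth.to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

def user_rid(uid, base=RID_BASE):
    return 2 * uid + base        # even offsets from the base are users

def group_rid(gid, base=RID_BASE):
    return 2 * gid + base + 1    # odd offsets from the base are groups

def account_sid(domain_sid, rid):
    """Append a RID to a domain SID of the form S-1-5-21-x-y-z."""
    _, auth, subs = parse_sid(domain_sid)
    if auth != 5 or len(subs) != 4 or subs[0] != 21:
        raise ValueError("expected a domain SID: %r" % domain_sid)
    return "%s-%d" % (domain_sid.strip(), rid)

def rid_to_unix(rid, base=RID_BASE):
    """Reverse the mapping; RIDs below the base are well-known accounts."""
    if rid < base:
        return ("reserved", rid)
    kind = "group" if (rid - base) & 1 else "user"
    return (kind, (rid - base) // 2)

if __name__ == "__main__":
    sid = account_sid(DOMAIN_SID, user_rid(500))
    print(sid, sid_to_bytes(sid).hex())
    print(rid_to_unix(1201), rid_to_unix(512))
```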
